setwd("C:/Users/v-tech/Desktop/samples/cve-common-vulnerabilities-and-exposures (1)")
#getwd()
#getwd()
setwd("C:/Users/v-tech/Desktop/samples/cve-common-vulnerabilities-and-exposures (1)")
The working directory was changed to C:/Users/v-tech/Desktop/samples/cve-common-vulnerabilities-and-exposures (1) inside a notebook chunk. The working directory will be reset when the chunk is finished running. Use the knitr root.dir option in the setup chunk to change the working directory for notebook chunks.
data <- read.csv("CVE.csv", header =TRUE, skip = 2)
head(data)
str(data)
'data.frame': 997 obs. of 7 variables:
$ Name : Factor w/ 997 levels "","before they can be added to the official CVE list. Therefore, these",..: 4 2 3 996 995 997 1 5 6 7 ...
$ Status : Factor w/ 3 levels "","Candidate",..: 1 1 1 1 1 1 1 2 3 3 ...
$ Description: Factor w/ 991 levels "","** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0022. Reason: This candidate is a duplic"| __truncated__,..: 1 1 1 1 1 1 1 571 262 464 ...
$ References : Factor w/ 821 levels "","AIXAPAR:IX80543 | URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX80543&apar=only | RSI:RSI.0005.0"| __truncated__,..: 1 1 1 1 1 1 1 337 47 48 ...
$ Phase : Factor w/ 68 levels "","Interim (19990630)",..: 1 1 1 1 1 1 1 42 1 1 ...
$ Votes : Factor w/ 265 levels ""," ACCEPT(1) Baker | MODIFY(1) Frech",..: 1 1 1 1 1 1 1 247 1 1 ...
$ Comments : Factor w/ 314 levels "","Baker> Although newer versions on snmp are not as vulnerable as prior versions, | this can still be a signi"| __truncated__,..: 1 1 1 1 1 1 1 11 1 1 ...
sum(is.na(data))
converting to numeric
data$Status_r <- unclass(data$Status)
data$Description_r <- unclass(data$Description)
data$References_r <- unclass(data$References)
data$Phase_r <-unclass(data$Phase)
data$Votes_r <- unclass(data$Votes)
data$Comments_r <- unclass(data$Comments)
head(data)
lnm_fit = lm(formula = data$Votes_r ~ data$Description +data$Status +data$References , data= data)
summary(lnm_fit)
Call:
lm(formula = data$Votes_r ~ data$Description + data$Status +
data$References, data = data)
Residuals:
Min 1Q Median 3Q Max
-1.000e-11 0.000e+00 0.000e+00 0.000e+00 1.667e-11
Coefficients: (822 not defined because of singularities)
Estimate
(Intercept) 1.000e+00
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0022. Reason: This candidate is a duplicate of CVE-1999-0022. Notes: All CVE users should reference CVE-1999-0022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 1.170e+02
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 2.470e+02
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0315. Reason: This candidate's original description had a typo that delayed it from being detected as a duplicate of CVE-1999-0315. Notes: All CVE users should reference CVE-1999-0315 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 2.480e+02
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1584, CVE-1999-1586. Reason: This candidate combined references from one issue with the description from another issue. Notes: Users should consult CVE-1999-1584 and CVE-1999-1586 to obtain the appropriate name. All references and descriptions in this candidate have been removed to prevent accidental usage. 6.100e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. It might be more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A hacker utility, back door, or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc." 1.960e+02
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. Notes: the former description is: "A service may include useful information in its banner or help function (such as the name and version), making it useful for information gathering activities." 2.210e+02
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to DNS service is running." 9.600e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NETBIOS is running." 9.000e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NIS is running." 9.200e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A database service is running, e.g. a SQL server, Oracle, or mySQL." 4.000e+00
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A POP service is running." 9.600e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A Windows NT Primary Domain Controller (PDC) or Backup Domain Controller (BDC) is present." 2.640e+02
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO." 2.420e+02
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "DCOM is running." 9.600e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The bootparam (bootparamd) service is running." 7.700e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FSP service is running." 2.100e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FTP service is running." 9.600e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The HTTP/WWW service is running." 9.600e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The IMAP service is running." 9.600e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The IRC service is running." 9.200e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The LDAP service is running." 9.600e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The NFS service is running." 9.200e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The NNTP news service is running." 9.200e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SMTP service is running." 9.600e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SNMP service is running." 1.640e+02
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SSH service is running." 9.600e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The Telnet service is running." 9.600e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The TFTP service is running." 9.600e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The X Windows service is running." 9.200e+01
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The X25 service is running." 9.600e+01
data$Description.reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. 2.040e+02
data$Description64 bit Solaris 7 procfs allows local users to perform a denial of service. -5.716e-13
data$DescriptionA buffer overflow in lsof allows local users to obtain root privilege. -1.661e-12
data$DescriptionA buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. -6.341e-13
data$DescriptionA buffer overflow in the SGI X server allows local users to gain root access through the X server font path. -9.533e-13
data$DescriptionA bug in Cyrix CPUs on Linux allows local users to perform a denial of service. 8.118e-12
data$DescriptionA component service related to NIS+ is running. 9.600e+01
data$DescriptionA configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. 4.800e+01
data$DescriptionA default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. -1.700e-11
data$DescriptionA default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication. -9.189e-13
data$DescriptionA default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service. -1.734e-12
data$DescriptionA DNS server allows inverse queries. 2.390e+02
data$DescriptionA DNS server allows zone transfers. 2.390e+02
data$DescriptionA filter in a router or firewall allows unusual fragmented packets. 2.530e+02
data$DescriptionA hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. 6.400e+01
data$DescriptionA kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. 1.189e-12
data$DescriptionA later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. 1.130e+02
data$DescriptionA legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. -1.324e-12
data$DescriptionA mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. 1.560e+02
data$DescriptionA malicious Palace server can force a client to execute arbitrary programs. 4.175e-13
data$DescriptionA memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections. 6.000e+01
data$DescriptionA NETBIOS/SMB share password is guessable. 2.220e+02
data$DescriptionA NETBIOS/SMB share password is the default, null, or missing. 2.220e+02
data$DescriptionA network intrusion detection system (IDS) does not properly handle data within TCP handshake packets. 7.400e+01
data$DescriptionA network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection. 1.300e+02
data$DescriptionA network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers. 7.400e+01
data$DescriptionA network intrusion detection system (IDS) does not properly reassemble fragmented packets. 7.400e+01
data$DescriptionA network intrusion detection system (IDS) does not verify the checksum on a packet. 7.400e+01
data$DescriptionA network service is running on a nonstandard port. 2.590e+02
data$DescriptionA password for accessing a WWW URL is guessable. 1.990e+02
data$DescriptionA quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. -1.309e-12
data$DescriptionA race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. -1.184e-12
data$DescriptionA race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. -4.969e-13
data$DescriptionA race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. 1.000e+00
data$DescriptionA race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. -1.435e-12
data$DescriptionA race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. -1.442e-12
data$DescriptionA race condition in the Solaris ps command allows an attacker to overwrite critical files. -1.003e-12
data$DescriptionA remote attacker can disable the virus warning mechanism in Microsoft Excel 97. -2.402e-13
data$DescriptionA remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares. 2.290e+02
data$DescriptionA remote attacker can read information from a Netscape user's cache via JavaScript. -9.365e-13
data$DescriptionA remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso. 2.450e+02
data$DescriptionA router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts. 5.000e+00
data$DescriptionA router's routing tables can be obtained from arbitrary hosts. 1.200e+01
data$DescriptionA router or firewall allows source routed packets from arbitrary hosts. 7.100e+01
data$DescriptionA router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of. 1.530e+02
data$DescriptionA router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc. 2.400e+01
data$DescriptionA Sendmail alias allows input to be piped to a program. 3.600e+01
data$DescriptionA service or application has a backdoor password that was placed there by the developer. 9.500e+01
data$DescriptionA superfluous NFS server is running, but it is not importing or exporting any file systems. 4.100e+01
data$DescriptionA system-critical NETBIOS/SMB share has inappropriate access control. 4.400e+01
data$DescriptionA system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete. 1.950e+02
data$DescriptionA system-critical program, library, or file has a checksum or other integrity measurement that indicates that it has been modified. 1.520e+02
data$DescriptionA system-critical Unix file or directory has inappropriate permissions. 9.400e+01
data$DescriptionA system-critical Windows NT file or directory has inappropriate permissions. 9.300e+01
data$DescriptionA system-critical Windows NT registry key has an inappropriate value. 4.900e+01
data$DescriptionA system-critical Windows NT registry key has inappropriate permissions. 5.000e+01
data$DescriptionA system does not present an appropriate legal message or warning to a user who is accessing it. 7.000e+01
data$DescriptionA system is operating in "promiscuous" mode which allows it to perform packet sniffing. 7.200e+01
data$DescriptionA system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6. 1.970e+02
data$DescriptionA trust relationship exists between two Unix hosts. 2.400e+02
data$DescriptionA Unix account has a default, null, blank, or missing password. 2.010e+02
data$DescriptionA Unix account has a guessable password. 1.570e+02
data$DescriptionA Unix account with a name other than "root" has UID 0, i.e. root privileges. 2.600e+02
data$DescriptionA URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file. 5.100e+01
data$DescriptionA version of finger is running that exposes valid user information to any entity on the network. -2.997e-13
data$DescriptionA version of rusers is running that exposes valid user information to any entity on the network. -2.953e-12
data$DescriptionA vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable. 1.890e+02
data$DescriptionA weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. 7.515e-13
data$DescriptionA weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. 1.500e+02
data$DescriptionA Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. -1.527e-12
data$DescriptionA Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire. 3.300e+01
data$DescriptionA Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. 1.270e+02
data$DescriptionA Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. 1.780e+02
data$DescriptionA Windows NT administrator account has the default name of Administrator. 3.900e+01
data$DescriptionA Windows NT domain user or administrator account has a default, null, blank, or missing password. 1.990e+02
data$DescriptionA Windows NT domain user or administrator account has a guessable password. 1.990e+02
data$DescriptionA Windows NT file system is not NTFS. 1.240e+02
data$DescriptionA Windows NT local user or administrator account has a default, null, blank, or missing password. 2.010e+02
data$DescriptionA Windows NT local user or administrator account has a guessable password. 2.010e+02
data$DescriptionA Windows NT log file has an inappropriate maximum size or retention period. 2.410e+02
data$DescriptionA Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. 1.280e+02
data$DescriptionA Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. 1.650e+02
data$DescriptionA Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. 1.650e+02
data$DescriptionA Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. 2.060e+02
data$DescriptionA Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking. 2.080e+02
data$DescriptionA Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. 8.900e+01
data$DescriptionA Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive. 4.600e+01
data$DescriptionA Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. -2.128e-12
data$DescriptionA Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. -2.348e-12
data$DescriptionA Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. 2.180e+02
data$DescriptionA WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data. 4.900e+01
data$DescriptionAAA authentication on Cisco systems allows attackers to execute commands without authorization. -1.757e-12
data$DescriptionACC Tigris allows public access without a login. -9.992e-13
data$DescriptionAccess violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. -1.264e-12
data$Descriptionadmintool in Solaris allows a local user to write to arbitrary files and gain root access. 1.184e-11
data$DescriptionAfter an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. -1.958e-12
data$DescriptionAIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. 3.407e-12
data$DescriptionAIX bugfiler program allows local users to gain root access. -3.888e-13
data$DescriptionAIX infod allows local users to gain root access through an X display. 1.288e-11
data$DescriptionAIX Licensed Program Product performance tools allow local users to gain root access. -1.225e-12
data$DescriptionAIX nslookup command allows local users to obtain root access by not dropping privileges correctly. 7.970e-12
data$DescriptionAIX passwd allows local users to gain root access. -2.246e-12
data$DescriptionAIX piodmgrsu command allows local users to gain additional group privileges. 5.353e-12
data$DescriptionAIX routed allows remote users to modify sensitive files. 1.200e+02
data$DescriptionAlibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. 2.120e+02
data$DescriptionAlibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL. 8.600e+01
data$DescriptionAll records in a WINS database can be deleted through SNMP for a denial of service. -1.752e-12
data$DescriptionAN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. -1.503e-12
data$DescriptionAn account on a router, firewall, or other network device has a default, null, blank, or missing password. 2.000e+02
data$DescriptionAn account on a router, firewall, or other network device has a guessable password. 1.990e+02
data$DescriptionAn application-critical Windows NT registry key has an inappropriate value. 4.900e+01
data$DescriptionAn application-critical Windows NT registry key has inappropriate permissions. 5.000e+01
data$DescriptionAn attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. -5.962e-13
data$DescriptionAn attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled. 8.200e+01
data$DescriptionAn attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). 5.700e+01
data$DescriptionAn attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. -9.771e-13
data$DescriptionAn event log in Windows NT has inappropriate access permissions. 9.300e+01
data$DescriptionAn example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. -2.096e-12
data$DescriptionAn incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. 7.000e+00
data$DescriptionAn incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. 7.000e+00
data$DescriptionAn incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. -7.580e-13
data$DescriptionAn incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. 7.000e+00
data$DescriptionAn incorrect configuration of the Webcart CGI program could disclose private information. 6.000e+00
data$DescriptionAn incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. 6.000e+00
data$DescriptionAn NIS domain name is easily guessable. 2.000e+02
data$DescriptionAn SNMP community name is guessable. 2.010e+02
data$DescriptionAn SNMP community name is the default (e.g. public), null, or missing. 2.010e+02
data$DescriptionAn SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. -1.698e-12
data$DescriptionAn SSH server allows authentication through the .rhosts file. 8.000e+01
data$DescriptionAn unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. 7.200e+01
data$DescriptionAn X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. -1.997e-12
data$DescriptionAnonymous FTP is enabled. 4.000e+01
data$DescriptionAnyForm CGI remote execution. -3.040e-12
data$DescriptionApache allows remote attackers to conduct a denial of service via a large number of MIME headers. 2.300e+01
data$DescriptionApache httpd cookie buffer overflow for versions 1.1.1 and earlier. -2.659e-13
data$DescriptionArbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. -3.357e-12
data$DescriptionArbitrary command execution via IMAP buffer overflow in authenticate command. -2.271e-12
data$DescriptionArbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail. -4.898e-12
data$DescriptionArbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX. -2.334e-12
data$DescriptionArkiea nlservd allows remote attackers to conduct a denial of service. 1.797e-12
data$DescriptionAttackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool. -2.060e-12
data$DescriptionAttackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. -8.153e-13
data$DescriptionAttackers can do a denial of service of IRC by crashing the server. 2.630e+02
data$DescriptionAutomount daemon automountd allows local or remote users to gain privileges via shell metacharacters. -1.666e-12
data$DescriptionBash treats any character with a value of 255 as a command separator. 5.535e-12
data$DescriptionBMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service. -1.672e-12
data$DescriptionBMC Patrol allows remote attackers to gain access to an agent by spoofing frames. -1.935e-12
data$DescriptionBNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. -1.399e-12
data$DescriptionBNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters. -1.001e-12
data$DescriptionBonk variation of teardrop IP fragmentation denial of service. 2.560e+02
data$DescriptionBuffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. -1.420e-12
data$DescriptionBuffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. -1.561e-12
data$DescriptionBuffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names. -9.946e-13
data$DescriptionBuffer overflow in AIX dtterm program for the CDE. -1.292e-12
data$DescriptionBuffer overflow in AIX ftpd in the libc library. -1.865e-12
data$DescriptionBuffer overflow in AIX lchangelv gives root access. -1.848e-12
data$DescriptionBuffer overflow in AIX libDtSvc library can allow local users to gain root access. 1.210e+02
data$DescriptionBuffer overflow in AIX lquerylv program gives root access to local users. -2.419e-12
data$DescriptionBuffer overflow in AIX rcp command allows local users to obtain root access. -9.046e-13
data$DescriptionBuffer overflow in AIX writesrv command allows local users to obtain root access. -7.349e-14
data$DescriptionBuffer overflow in AIX xdat gives root access to local users. 2.107e-12
data$DescriptionBuffer overflow in ALMail32 POP3 client via From: or To: headers. 2.280e+02
data$DescriptionBuffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. 9.000e+00
data$DescriptionBuffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. -1.627e-12
data$DescriptionBuffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username. -2.250e-12
data$DescriptionBuffer overflow in BIND 8.2 via NXT records. -2.134e-12
data$DescriptionBuffer overflow in BNC IRC proxy allows remote attackers to gain privileges. -1.013e-12
data$DescriptionBuffer overflow in BNU UUCP daemon (uucpd) through long hostnames. -1.840e-12
data$DescriptionBuffer overflow in bootpd 2.4.3 and earlier via a long boot file location. 1.428e-12
Std. Error
(Intercept) 3.285e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0022. Reason: This candidate is a duplicate of CVE-1999-0022. Notes: All CVE users should reference CVE-1999-0022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0315. Reason: This candidate's original description had a typo that delayed it from being detected as a duplicate of CVE-1999-0315. Notes: All CVE users should reference CVE-1999-0315 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1584, CVE-1999-1586. Reason: This candidate combined references from one issue with the description from another issue. Notes: Users should consult CVE-1999-1584 and CVE-1999-1586 to obtain the appropriate name. All references and descriptions in this candidate have been removed to prevent accidental usage. 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. It might be more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A hacker utility, back door, or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. Notes: the former description is: "A service may include useful information in its banner or help function (such as the name and version), making it useful for information gathering activities." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to DNS service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NETBIOS is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NIS is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A database service is running, e.g. a SQL server, Oracle, or mySQL." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A POP service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A Windows NT Primary Domain Controller (PDC) or Backup Domain Controller (BDC) is present." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "DCOM is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The bootparam (bootparamd) service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FSP service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FTP service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The HTTP/WWW service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The IMAP service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The IRC service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The LDAP service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The NFS service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The NNTP news service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SMTP service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SNMP service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SSH service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The Telnet service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The TFTP service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The X Windows service is running." 9.292e-12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The X25 service is running." 9.292e-12
data$Description.reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. 9.292e-12
data$Description64 bit Solaris 7 procfs allows local users to perform a denial of service. 9.292e-12
data$DescriptionA buffer overflow in lsof allows local users to obtain root privilege. 9.292e-12
data$DescriptionA buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. 9.292e-12
data$DescriptionA buffer overflow in the SGI X server allows local users to gain root access through the X server font path. 9.292e-12
data$DescriptionA bug in Cyrix CPUs on Linux allows local users to perform a denial of service. 9.292e-12
data$DescriptionA component service related to NIS+ is running. 9.292e-12
data$DescriptionA configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. 9.292e-12
data$DescriptionA default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. 9.292e-12
data$DescriptionA default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication. 9.292e-12
data$DescriptionA default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service. 9.292e-12
data$DescriptionA DNS server allows inverse queries. 9.292e-12
data$DescriptionA DNS server allows zone transfers. 9.292e-12
data$DescriptionA filter in a router or firewall allows unusual fragmented packets. 9.292e-12
data$DescriptionA hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. 9.292e-12
data$DescriptionA kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. 9.292e-12
data$DescriptionA later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. 9.292e-12
data$DescriptionA legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. 9.292e-12
data$DescriptionA mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. 9.292e-12
data$DescriptionA malicious Palace server can force a client to execute arbitrary programs. 9.292e-12
data$DescriptionA memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections. 9.292e-12
data$DescriptionA NETBIOS/SMB share password is guessable. 9.292e-12
data$DescriptionA NETBIOS/SMB share password is the default, null, or missing. 9.292e-12
data$DescriptionA network intrusion detection system (IDS) does not properly handle data within TCP handshake packets. 9.292e-12
data$DescriptionA network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection. 9.292e-12
data$DescriptionA network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers. 9.292e-12
data$DescriptionA network intrusion detection system (IDS) does not properly reassemble fragmented packets. 9.292e-12
data$DescriptionA network intrusion detection system (IDS) does not verify the checksum on a packet. 9.292e-12
data$DescriptionA network service is running on a nonstandard port. 9.292e-12
data$DescriptionA password for accessing a WWW URL is guessable. 9.292e-12
data$DescriptionA quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. 9.292e-12
data$DescriptionA race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. 9.292e-12
data$DescriptionA race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. 9.292e-12
data$DescriptionA race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. 9.292e-12
data$DescriptionA race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. 9.292e-12
data$DescriptionA race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. 9.292e-12
data$DescriptionA race condition in the Solaris ps command allows an attacker to overwrite critical files. 9.292e-12
data$DescriptionA remote attacker can disable the virus warning mechanism in Microsoft Excel 97. 9.292e-12
data$DescriptionA remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares. 9.292e-12
data$DescriptionA remote attacker can read information from a Netscape user's cache via JavaScript. 9.292e-12
data$DescriptionA remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso. 9.292e-12
data$DescriptionA router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts. 9.292e-12
data$DescriptionA router's routing tables can be obtained from arbitrary hosts. 9.292e-12
data$DescriptionA router or firewall allows source routed packets from arbitrary hosts. 9.292e-12
data$DescriptionA router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of. 9.292e-12
data$DescriptionA router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc. 9.292e-12
data$DescriptionA Sendmail alias allows input to be piped to a program. 9.292e-12
data$DescriptionA service or application has a backdoor password that was placed there by the developer. 9.292e-12
data$DescriptionA superfluous NFS server is running, but it is not importing or exporting any file systems. 9.292e-12
data$DescriptionA system-critical NETBIOS/SMB share has inappropriate access control. 9.292e-12
data$DescriptionA system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete. 9.292e-12
data$DescriptionA system-critical program, library, or file has a checksum or other integrity measurement that indicates that it has been modified. 9.292e-12
data$DescriptionA system-critical Unix file or directory has inappropriate permissions. 9.292e-12
data$DescriptionA system-critical Windows NT file or directory has inappropriate permissions. 9.292e-12
data$DescriptionA system-critical Windows NT registry key has an inappropriate value. 9.292e-12
data$DescriptionA system-critical Windows NT registry key has inappropriate permissions. 9.292e-12
data$DescriptionA system does not present an appropriate legal message or warning to a user who is accessing it. 9.292e-12
data$DescriptionA system is operating in "promiscuous" mode which allows it to perform packet sniffing. 9.292e-12
data$DescriptionA system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6. 9.292e-12
data$DescriptionA trust relationship exists between two Unix hosts. 9.292e-12
data$DescriptionA Unix account has a default, null, blank, or missing password. 9.292e-12
data$DescriptionA Unix account has a guessable password. 9.292e-12
data$DescriptionA Unix account with a name other than "root" has UID 0, i.e. root privileges. 9.292e-12
data$DescriptionA URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file. 9.292e-12
data$DescriptionA version of finger is running that exposes valid user information to any entity on the network. 9.292e-12
data$DescriptionA version of rusers is running that exposes valid user information to any entity on the network. 9.292e-12
data$DescriptionA vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable. 9.292e-12
data$DescriptionA weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. 9.292e-12
data$DescriptionA weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. 9.292e-12
data$DescriptionA Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. 9.292e-12
data$DescriptionA Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire. 9.292e-12
data$DescriptionA Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. 9.292e-12
data$DescriptionA Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. 9.292e-12
data$DescriptionA Windows NT administrator account has the default name of Administrator. 9.292e-12
data$DescriptionA Windows NT domain user or administrator account has a default, null, blank, or missing password. 9.292e-12
data$DescriptionA Windows NT domain user or administrator account has a guessable password. 9.292e-12
data$DescriptionA Windows NT file system is not NTFS. 9.292e-12
data$DescriptionA Windows NT local user or administrator account has a default, null, blank, or missing password. 9.292e-12
data$DescriptionA Windows NT local user or administrator account has a guessable password. 9.292e-12
data$DescriptionA Windows NT log file has an inappropriate maximum size or retention period. 9.292e-12
data$DescriptionA Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. 9.292e-12
data$DescriptionA Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. 9.292e-12
data$DescriptionA Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. 9.292e-12
data$DescriptionA Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. 9.292e-12
data$DescriptionA Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking. 9.292e-12
data$DescriptionA Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. 9.292e-12
data$DescriptionA Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive. 9.292e-12
data$DescriptionA Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. 9.292e-12
data$DescriptionA Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. 9.292e-12
data$DescriptionA Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. 9.292e-12
data$DescriptionA WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data. 9.292e-12
data$DescriptionAAA authentication on Cisco systems allows attackers to execute commands without authorization. 9.292e-12
data$DescriptionACC Tigris allows public access without a login. 9.292e-12
data$DescriptionAccess violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. 9.292e-12
data$Descriptionadmintool in Solaris allows a local user to write to arbitrary files and gain root access. 9.292e-12
data$DescriptionAfter an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. 9.292e-12
data$DescriptionAIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. 9.292e-12
data$DescriptionAIX bugfiler program allows local users to gain root access. 9.292e-12
data$DescriptionAIX infod allows local users to gain root access through an X display. 9.292e-12
data$DescriptionAIX Licensed Program Product performance tools allow local users to gain root access. 9.292e-12
data$DescriptionAIX nslookup command allows local users to obtain root access by not dropping privileges correctly. 9.292e-12
data$DescriptionAIX passwd allows local users to gain root access. 9.292e-12
data$DescriptionAIX piodmgrsu command allows local users to gain additional group privileges. 9.292e-12
data$DescriptionAIX routed allows remote users to modify sensitive files. 9.292e-12
data$DescriptionAlibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. 9.292e-12
data$DescriptionAlibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL. 9.292e-12
data$DescriptionAll records in a WINS database can be deleted through SNMP for a denial of service. 9.292e-12
data$DescriptionAN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. 9.292e-12
data$DescriptionAn account on a router, firewall, or other network device has a default, null, blank, or missing password. 9.292e-12
data$DescriptionAn account on a router, firewall, or other network device has a guessable password. 9.292e-12
data$DescriptionAn application-critical Windows NT registry key has an inappropriate value. 9.292e-12
data$DescriptionAn application-critical Windows NT registry key has inappropriate permissions. 9.292e-12
data$DescriptionAn attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. 9.292e-12
data$DescriptionAn attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled. 9.292e-12
data$DescriptionAn attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). 9.292e-12
data$DescriptionAn attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. 9.292e-12
data$DescriptionAn event log in Windows NT has inappropriate access permissions. 9.292e-12
data$DescriptionAn example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. 9.292e-12
data$DescriptionAn incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. 9.292e-12
data$DescriptionAn incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. 9.292e-12
data$DescriptionAn incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. 9.292e-12
data$DescriptionAn incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. 9.292e-12
data$DescriptionAn incorrect configuration of the Webcart CGI program could disclose private information. 9.292e-12
data$DescriptionAn incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. 9.292e-12
data$DescriptionAn NIS domain name is easily guessable. 9.292e-12
data$DescriptionAn SNMP community name is guessable. 9.292e-12
data$DescriptionAn SNMP community name is the default (e.g. public), null, or missing. 9.292e-12
data$DescriptionAn SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. 9.292e-12
data$DescriptionAn SSH server allows authentication through the .rhosts file. 9.292e-12
data$DescriptionAn unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. 9.292e-12
data$DescriptionAn X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. 9.292e-12
data$DescriptionAnonymous FTP is enabled. 9.292e-12
data$DescriptionAnyForm CGI remote execution. 9.292e-12
data$DescriptionApache allows remote attackers to conduct a denial of service via a large number of MIME headers. 9.292e-12
data$DescriptionApache httpd cookie buffer overflow for versions 1.1.1 and earlier. 9.292e-12
data$DescriptionArbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. 9.292e-12
data$DescriptionArbitrary command execution via IMAP buffer overflow in authenticate command. 9.292e-12
data$DescriptionArbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail. 9.292e-12
data$DescriptionArbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX. 9.292e-12
data$DescriptionArkiea nlservd allows remote attackers to conduct a denial of service. 9.292e-12
data$DescriptionAttackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool. 9.292e-12
data$DescriptionAttackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. 9.292e-12
data$DescriptionAttackers can do a denial of service of IRC by crashing the server. 9.292e-12
data$DescriptionAutomount daemon automountd allows local or remote users to gain privileges via shell metacharacters. 9.292e-12
data$DescriptionBash treats any character with a value of 255 as a command separator. 9.292e-12
data$DescriptionBMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service. 9.292e-12
data$DescriptionBMC Patrol allows remote attackers to gain access to an agent by spoofing frames. 9.292e-12
data$DescriptionBNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. 9.292e-12
data$DescriptionBNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters. 9.292e-12
data$DescriptionBonk variation of teardrop IP fragmentation denial of service. 9.292e-12
data$DescriptionBuffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. 9.292e-12
data$DescriptionBuffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. 9.292e-12
data$DescriptionBuffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names. 9.292e-12
data$DescriptionBuffer overflow in AIX dtterm program for the CDE. 9.292e-12
data$DescriptionBuffer overflow in AIX ftpd in the libc library. 9.292e-12
data$DescriptionBuffer overflow in AIX lchangelv gives root access. 9.292e-12
data$DescriptionBuffer overflow in AIX libDtSvc library can allow local users to gain root access. 9.292e-12
data$DescriptionBuffer overflow in AIX lquerylv program gives root access to local users. 9.292e-12
data$DescriptionBuffer overflow in AIX rcp command allows local users to obtain root access. 9.292e-12
data$DescriptionBuffer overflow in AIX writesrv command allows local users to obtain root access. 9.292e-12
data$DescriptionBuffer overflow in AIX xdat gives root access to local users. 9.292e-12
data$DescriptionBuffer overflow in ALMail32 POP3 client via From: or To: headers. 9.292e-12
data$DescriptionBuffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. 9.292e-12
data$DescriptionBuffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. 9.292e-12
data$DescriptionBuffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username. 9.292e-12
data$DescriptionBuffer overflow in BIND 8.2 via NXT records. 9.292e-12
data$DescriptionBuffer overflow in BNC IRC proxy allows remote attackers to gain privileges. 9.292e-12
data$DescriptionBuffer overflow in BNU UUCP daemon (uucpd) through long hostnames. 9.292e-12
data$DescriptionBuffer overflow in bootpd 2.4.3 and earlier via a long boot file location. 9.292e-12
t value
(Intercept) 3.044e+11
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0022. Reason: This candidate is a duplicate of CVE-1999-0022. Notes: All CVE users should reference CVE-1999-0022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 1.259e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 2.658e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0315. Reason: This candidate's original description had a typo that delayed it from being detected as a duplicate of CVE-1999-0315. Notes: All CVE users should reference CVE-1999-0315 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 2.669e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1584, CVE-1999-1586. Reason: This candidate combined references from one issue with the description from another issue. Notes: Users should consult CVE-1999-1584 and CVE-1999-1586 to obtain the appropriate name. All references and descriptions in this candidate have been removed to prevent accidental usage. 6.565e+12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. It might be more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A hacker utility, back door, or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc." 2.109e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. Notes: the former description is: "A service may include useful information in its banner or help function (such as the name and version), making it useful for information gathering activities." 2.378e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to DNS service is running." 1.033e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NETBIOS is running." 9.686e+12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NIS is running." 9.901e+12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A database service is running, e.g. a SQL server, Oracle, or mySQL." 4.305e+11
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A POP service is running." 1.033e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A Windows NT Primary Domain Controller (PDC) or Backup Domain Controller (BDC) is present." 2.841e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO." 2.604e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "DCOM is running." 1.033e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The bootparam (bootparamd) service is running." 8.287e+12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FSP service is running." 2.260e+12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FTP service is running." 1.033e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The HTTP/WWW service is running." 1.033e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The IMAP service is running." 1.033e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The IRC service is running." 9.901e+12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The LDAP service is running." 1.033e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The NFS service is running." 9.901e+12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The NNTP news service is running." 9.901e+12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SMTP service is running." 1.033e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SNMP service is running." 1.765e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SSH service is running." 1.033e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The Telnet service is running." 1.033e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The TFTP service is running." 1.033e+13
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The X Windows service is running." 9.901e+12
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The X25 service is running." 1.033e+13
data$Description.reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. 2.195e+13
data$Description64 bit Solaris 7 procfs allows local users to perform a denial of service. -6.200e-02
data$DescriptionA buffer overflow in lsof allows local users to obtain root privilege. -1.790e-01
data$DescriptionA buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. -6.800e-02
data$DescriptionA buffer overflow in the SGI X server allows local users to gain root access through the X server font path. -1.030e-01
data$DescriptionA bug in Cyrix CPUs on Linux allows local users to perform a denial of service. 8.740e-01
data$DescriptionA component service related to NIS+ is running. 1.033e+13
data$DescriptionA configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. 5.166e+12
data$DescriptionA default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. -1.830e+00
data$DescriptionA default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication. -9.900e-02
data$DescriptionA default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service. -1.870e-01
data$DescriptionA DNS server allows inverse queries. 2.572e+13
data$DescriptionA DNS server allows zone transfers. 2.572e+13
data$DescriptionA filter in a router or firewall allows unusual fragmented packets. 2.723e+13
data$DescriptionA hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. 6.888e+12
data$DescriptionA kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. 1.280e-01
data$DescriptionA later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. 1.216e+13
data$DescriptionA legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. -1.420e-01
data$DescriptionA mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. 1.679e+13
data$DescriptionA malicious Palace server can force a client to execute arbitrary programs. 4.500e-02
data$DescriptionA memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections. 6.457e+12
data$DescriptionA NETBIOS/SMB share password is guessable. 2.389e+13
data$DescriptionA NETBIOS/SMB share password is the default, null, or missing. 2.389e+13
data$DescriptionA network intrusion detection system (IDS) does not properly handle data within TCP handshake packets. 7.964e+12
data$DescriptionA network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection. 1.399e+13
data$DescriptionA network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers. 7.964e+12
data$DescriptionA network intrusion detection system (IDS) does not properly reassemble fragmented packets. 7.964e+12
data$DescriptionA network intrusion detection system (IDS) does not verify the checksum on a packet. 7.964e+12
data$DescriptionA network service is running on a nonstandard port. 2.787e+13
data$DescriptionA password for accessing a WWW URL is guessable. 2.142e+13
data$DescriptionA quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. -1.410e-01
data$DescriptionA race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. -1.270e-01
data$DescriptionA race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. -5.300e-02
data$DescriptionA race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. 1.076e+11
data$DescriptionA race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. -1.540e-01
data$DescriptionA race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. -1.550e-01
data$DescriptionA race condition in the Solaris ps command allows an attacker to overwrite critical files. -1.080e-01
data$DescriptionA remote attacker can disable the virus warning mechanism in Microsoft Excel 97. -2.600e-02
data$DescriptionA remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares. 2.465e+13
data$DescriptionA remote attacker can read information from a Netscape user's cache via JavaScript. -1.010e-01
data$DescriptionA remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso. 2.637e+13
data$DescriptionA router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts. 5.381e+11
data$DescriptionA router's routing tables can be obtained from arbitrary hosts. 1.291e+12
data$DescriptionA router or firewall allows source routed packets from arbitrary hosts. 7.641e+12
data$DescriptionA router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of. 1.647e+13
data$DescriptionA router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc. 2.583e+12
data$DescriptionA Sendmail alias allows input to be piped to a program. 3.874e+12
data$DescriptionA service or application has a backdoor password that was placed there by the developer. 1.022e+13
data$DescriptionA superfluous NFS server is running, but it is not importing or exporting any file systems. 4.412e+12
data$DescriptionA system-critical NETBIOS/SMB share has inappropriate access control. 4.735e+12
data$DescriptionA system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete. 2.099e+13
data$DescriptionA system-critical program, library, or file has a checksum or other integrity measurement that indicates that it has been modified. 1.636e+13
data$DescriptionA system-critical Unix file or directory has inappropriate permissions. 1.012e+13
data$DescriptionA system-critical Windows NT file or directory has inappropriate permissions. 1.001e+13
data$DescriptionA system-critical Windows NT registry key has an inappropriate value. 5.273e+12
data$DescriptionA system-critical Windows NT registry key has inappropriate permissions. 5.381e+12
data$DescriptionA system does not present an appropriate legal message or warning to a user who is accessing it. 7.533e+12
data$DescriptionA system is operating in "promiscuous" mode which allows it to perform packet sniffing. 7.749e+12
data$DescriptionA system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6. 2.120e+13
data$DescriptionA trust relationship exists between two Unix hosts. 2.583e+13
data$DescriptionA Unix account has a default, null, blank, or missing password. 2.163e+13
data$DescriptionA Unix account has a guessable password. 1.690e+13
data$DescriptionA Unix account with a name other than "root" has UID 0, i.e. root privileges. 2.798e+13
data$DescriptionA URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file. 5.489e+12
data$DescriptionA version of finger is running that exposes valid user information to any entity on the network. -3.200e-02
data$DescriptionA version of rusers is running that exposes valid user information to any entity on the network. -3.180e-01
data$DescriptionA vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable. 2.034e+13
data$DescriptionA weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. 8.100e-02
data$DescriptionA weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. 1.614e+13
data$DescriptionA Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. -1.640e-01
data$DescriptionA Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire. 3.551e+12
data$DescriptionA Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. 1.367e+13
data$DescriptionA Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. 1.916e+13
data$DescriptionA Windows NT administrator account has the default name of Administrator. 4.197e+12
data$DescriptionA Windows NT domain user or administrator account has a default, null, blank, or missing password. 2.142e+13
data$DescriptionA Windows NT domain user or administrator account has a guessable password. 2.142e+13
data$DescriptionA Windows NT file system is not NTFS. 1.334e+13
data$DescriptionA Windows NT local user or administrator account has a default, null, blank, or missing password. 2.163e+13
data$DescriptionA Windows NT local user or administrator account has a guessable password. 2.163e+13
data$DescriptionA Windows NT log file has an inappropriate maximum size or retention period. 2.594e+13
data$DescriptionA Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. 1.378e+13
data$DescriptionA Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. 1.776e+13
data$DescriptionA Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. 1.776e+13
data$DescriptionA Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. 2.217e+13
data$DescriptionA Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking. 2.239e+13
data$DescriptionA Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. 9.578e+12
data$DescriptionA Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive. 4.951e+12
data$DescriptionA Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. -2.290e-01
data$DescriptionA Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. -2.530e-01
data$DescriptionA Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. 2.346e+13
data$DescriptionA WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data. 5.273e+12
data$DescriptionAAA authentication on Cisco systems allows attackers to execute commands without authorization. -1.890e-01
data$DescriptionACC Tigris allows public access without a login. -1.080e-01
data$DescriptionAccess violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. -1.360e-01
data$Descriptionadmintool in Solaris allows a local user to write to arbitrary files and gain root access. 1.274e+00
data$DescriptionAfter an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. -2.110e-01
data$DescriptionAIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. 3.670e-01
data$DescriptionAIX bugfiler program allows local users to gain root access. -4.200e-02
data$DescriptionAIX infod allows local users to gain root access through an X display. 1.387e+00
data$DescriptionAIX Licensed Program Product performance tools allow local users to gain root access. -1.320e-01
data$DescriptionAIX nslookup command allows local users to obtain root access by not dropping privileges correctly. 8.580e-01
data$DescriptionAIX passwd allows local users to gain root access. -2.420e-01
data$DescriptionAIX piodmgrsu command allows local users to gain additional group privileges. 5.760e-01
data$DescriptionAIX routed allows remote users to modify sensitive files. 1.291e+13
data$DescriptionAlibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. 2.282e+13
data$DescriptionAlibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL. 9.255e+12
data$DescriptionAll records in a WINS database can be deleted through SNMP for a denial of service. -1.890e-01
data$DescriptionAN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. -1.620e-01
data$DescriptionAn account on a router, firewall, or other network device has a default, null, blank, or missing password. 2.152e+13
data$DescriptionAn account on a router, firewall, or other network device has a guessable password. 2.142e+13
data$DescriptionAn application-critical Windows NT registry key has an inappropriate value. 5.273e+12
data$DescriptionAn application-critical Windows NT registry key has inappropriate permissions. 5.381e+12
data$DescriptionAn attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. -6.400e-02
data$DescriptionAn attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled. 8.825e+12
data$DescriptionAn attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). 6.134e+12
data$DescriptionAn attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. -1.050e-01
data$DescriptionAn event log in Windows NT has inappropriate access permissions. 1.001e+13
data$DescriptionAn example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. -2.260e-01
data$DescriptionAn incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. 7.533e+11
data$DescriptionAn incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. 7.533e+11
data$DescriptionAn incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. -8.200e-02
data$DescriptionAn incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. 7.533e+11
data$DescriptionAn incorrect configuration of the Webcart CGI program could disclose private information. 6.457e+11
data$DescriptionAn incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. 6.457e+11
data$DescriptionAn NIS domain name is easily guessable. 2.152e+13
data$DescriptionAn SNMP community name is guessable. 2.163e+13
data$DescriptionAn SNMP community name is the default (e.g. public), null, or missing. 2.163e+13
data$DescriptionAn SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. -1.830e-01
data$DescriptionAn SSH server allows authentication through the .rhosts file. 8.610e+12
data$DescriptionAn unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. 7.749e+12
data$DescriptionAn X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. -2.150e-01
data$DescriptionAnonymous FTP is enabled. 4.305e+12
data$DescriptionAnyForm CGI remote execution. -3.270e-01
data$DescriptionApache allows remote attackers to conduct a denial of service via a large number of MIME headers. 2.475e+12
data$DescriptionApache httpd cookie buffer overflow for versions 1.1.1 and earlier. -2.900e-02
data$DescriptionArbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. -3.610e-01
data$DescriptionArbitrary command execution via IMAP buffer overflow in authenticate command. -2.440e-01
data$DescriptionArbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail. -5.270e-01
data$DescriptionArbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX. -2.510e-01
data$DescriptionArkiea nlservd allows remote attackers to conduct a denial of service. 1.930e-01
data$DescriptionAttackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool. -2.220e-01
data$DescriptionAttackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. -8.800e-02
data$DescriptionAttackers can do a denial of service of IRC by crashing the server. 2.830e+13
data$DescriptionAutomount daemon automountd allows local or remote users to gain privileges via shell metacharacters. -1.790e-01
data$DescriptionBash treats any character with a value of 255 as a command separator. 5.960e-01
data$DescriptionBMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service. -1.800e-01
data$DescriptionBMC Patrol allows remote attackers to gain access to an agent by spoofing frames. -2.080e-01
data$DescriptionBNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. -1.510e-01
data$DescriptionBNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters. -1.080e-01
data$DescriptionBonk variation of teardrop IP fragmentation denial of service. 2.755e+13
data$DescriptionBuffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. -1.530e-01
data$DescriptionBuffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. -1.680e-01
data$DescriptionBuffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names. -1.070e-01
data$DescriptionBuffer overflow in AIX dtterm program for the CDE. -1.390e-01
data$DescriptionBuffer overflow in AIX ftpd in the libc library. -2.010e-01
data$DescriptionBuffer overflow in AIX lchangelv gives root access. -1.990e-01
data$DescriptionBuffer overflow in AIX libDtSvc library can allow local users to gain root access. 1.302e+13
data$DescriptionBuffer overflow in AIX lquerylv program gives root access to local users. -2.600e-01
data$DescriptionBuffer overflow in AIX rcp command allows local users to obtain root access. -9.700e-02
data$DescriptionBuffer overflow in AIX writesrv command allows local users to obtain root access. -8.000e-03
data$DescriptionBuffer overflow in AIX xdat gives root access to local users. 2.270e-01
data$DescriptionBuffer overflow in ALMail32 POP3 client via From: or To: headers. 2.454e+13
data$DescriptionBuffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. 9.686e+11
data$DescriptionBuffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. -1.750e-01
data$DescriptionBuffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username. -2.420e-01
data$DescriptionBuffer overflow in BIND 8.2 via NXT records. -2.300e-01
data$DescriptionBuffer overflow in BNC IRC proxy allows remote attackers to gain privileges. -1.090e-01
data$DescriptionBuffer overflow in BNU UUCP daemon (uucpd) through long hostnames. -1.980e-01
data$DescriptionBuffer overflow in bootpd 2.4.3 and earlier via a long boot file location. 1.540e-01
Pr(>|t|)
(Intercept) <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0022. Reason: This candidate is a duplicate of CVE-1999-0022. Notes: All CVE users should reference CVE-1999-0022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0315. Reason: This candidate's original description had a typo that delayed it from being detected as a duplicate of CVE-1999-0315. Notes: All CVE users should reference CVE-1999-0315 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1584, CVE-1999-1586. Reason: This candidate combined references from one issue with the description from another issue. Notes: Users should consult CVE-1999-1584 and CVE-1999-1586 to obtain the appropriate name. All references and descriptions in this candidate have been removed to prevent accidental usage. <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. It might be more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A hacker utility, back door, or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. Notes: the former description is: "A service may include useful information in its banner or help function (such as the name and version), making it useful for information gathering activities." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to DNS service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NETBIOS is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NIS is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A database service is running, e.g. a SQL server, Oracle, or mySQL." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A POP service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A Windows NT Primary Domain Controller (PDC) or Backup Domain Controller (BDC) is present." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "DCOM is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The bootparam (bootparamd) service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FSP service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FTP service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The HTTP/WWW service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The IMAP service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The IRC service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The LDAP service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The NFS service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The NNTP news service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SMTP service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SNMP service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SSH service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The Telnet service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The TFTP service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The X Windows service is running." <2e-16
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The X25 service is running." <2e-16
data$Description.reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. <2e-16
data$Description64 bit Solaris 7 procfs allows local users to perform a denial of service. 0.953
data$DescriptionA buffer overflow in lsof allows local users to obtain root privilege. 0.864
data$DescriptionA buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. 0.948
data$DescriptionA buffer overflow in the SGI X server allows local users to gain root access through the X server font path. 0.922
data$DescriptionA bug in Cyrix CPUs on Linux allows local users to perform a denial of service. 0.416
data$DescriptionA component service related to NIS+ is running. <2e-16
data$DescriptionA configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. <2e-16
data$DescriptionA default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. 0.117
data$DescriptionA default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication. 0.924
data$DescriptionA default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service. 0.858
data$DescriptionA DNS server allows inverse queries. <2e-16
data$DescriptionA DNS server allows zone transfers. <2e-16
data$DescriptionA filter in a router or firewall allows unusual fragmented packets. <2e-16
data$DescriptionA hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. <2e-16
data$DescriptionA kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. 0.902
data$DescriptionA later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. <2e-16
data$DescriptionA legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. 0.891
data$DescriptionA mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. <2e-16
data$DescriptionA malicious Palace server can force a client to execute arbitrary programs. 0.966
data$DescriptionA memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections. <2e-16
data$DescriptionA NETBIOS/SMB share password is guessable. <2e-16
data$DescriptionA NETBIOS/SMB share password is the default, null, or missing. <2e-16
data$DescriptionA network intrusion detection system (IDS) does not properly handle data within TCP handshake packets. <2e-16
data$DescriptionA network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection. <2e-16
data$DescriptionA network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers. <2e-16
data$DescriptionA network intrusion detection system (IDS) does not properly reassemble fragmented packets. <2e-16
data$DescriptionA network intrusion detection system (IDS) does not verify the checksum on a packet. <2e-16
data$DescriptionA network service is running on a nonstandard port. <2e-16
data$DescriptionA password for accessing a WWW URL is guessable. <2e-16
data$DescriptionA quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. 0.893
data$DescriptionA race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. 0.903
data$DescriptionA race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. 0.959
data$DescriptionA race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. <2e-16
data$DescriptionA race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. 0.882
data$DescriptionA race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. 0.882
data$DescriptionA race condition in the Solaris ps command allows an attacker to overwrite critical files. 0.918
data$DescriptionA remote attacker can disable the virus warning mechanism in Microsoft Excel 97. 0.980
data$DescriptionA remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares. <2e-16
data$DescriptionA remote attacker can read information from a Netscape user's cache via JavaScript. 0.923
data$DescriptionA remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso. <2e-16
data$DescriptionA router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts. <2e-16
data$DescriptionA router's routing tables can be obtained from arbitrary hosts. <2e-16
data$DescriptionA router or firewall allows source routed packets from arbitrary hosts. <2e-16
data$DescriptionA router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of. <2e-16
data$DescriptionA router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc. <2e-16
data$DescriptionA Sendmail alias allows input to be piped to a program. <2e-16
data$DescriptionA service or application has a backdoor password that was placed there by the developer. <2e-16
data$DescriptionA superfluous NFS server is running, but it is not importing or exporting any file systems. <2e-16
data$DescriptionA system-critical NETBIOS/SMB share has inappropriate access control. <2e-16
data$DescriptionA system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete. <2e-16
data$DescriptionA system-critical program, library, or file has a checksum or other integrity measurement that indicates that it has been modified. <2e-16
data$DescriptionA system-critical Unix file or directory has inappropriate permissions. <2e-16
data$DescriptionA system-critical Windows NT file or directory has inappropriate permissions. <2e-16
data$DescriptionA system-critical Windows NT registry key has an inappropriate value. <2e-16
data$DescriptionA system-critical Windows NT registry key has inappropriate permissions. <2e-16
data$DescriptionA system does not present an appropriate legal message or warning to a user who is accessing it. <2e-16
data$DescriptionA system is operating in "promiscuous" mode which allows it to perform packet sniffing. <2e-16
data$DescriptionA system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6. <2e-16
data$DescriptionA trust relationship exists between two Unix hosts. <2e-16
data$DescriptionA Unix account has a default, null, blank, or missing password. <2e-16
data$DescriptionA Unix account has a guessable password. <2e-16
data$DescriptionA Unix account with a name other than "root" has UID 0, i.e. root privileges. <2e-16
data$DescriptionA URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file. <2e-16
data$DescriptionA version of finger is running that exposes valid user information to any entity on the network. 0.975
data$DescriptionA version of rusers is running that exposes valid user information to any entity on the network. 0.761
data$DescriptionA vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable. <2e-16
data$DescriptionA weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. 0.938
data$DescriptionA weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. <2e-16
data$DescriptionA Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. 0.875
data$DescriptionA Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire. <2e-16
data$DescriptionA Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. <2e-16
data$DescriptionA Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. <2e-16
data$DescriptionA Windows NT administrator account has the default name of Administrator. <2e-16
data$DescriptionA Windows NT domain user or administrator account has a default, null, blank, or missing password. <2e-16
data$DescriptionA Windows NT domain user or administrator account has a guessable password. <2e-16
data$DescriptionA Windows NT file system is not NTFS. <2e-16
data$DescriptionA Windows NT local user or administrator account has a default, null, blank, or missing password. <2e-16
data$DescriptionA Windows NT local user or administrator account has a guessable password. <2e-16
data$DescriptionA Windows NT log file has an inappropriate maximum size or retention period. <2e-16
data$DescriptionA Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. <2e-16
data$DescriptionA Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. <2e-16
data$DescriptionA Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. <2e-16
data$DescriptionA Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. <2e-16
data$DescriptionA Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking. <2e-16
data$DescriptionA Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. <2e-16
data$DescriptionA Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive. <2e-16
data$DescriptionA Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. 0.826
data$DescriptionA Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. 0.809
data$DescriptionA Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. <2e-16
data$DescriptionA WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data. <2e-16
data$DescriptionAAA authentication on Cisco systems allows attackers to execute commands without authorization. 0.856
data$DescriptionACC Tigris allows public access without a login. 0.918
data$DescriptionAccess violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. 0.896
data$Descriptionadmintool in Solaris allows a local user to write to arbitrary files and gain root access. 0.250
data$DescriptionAfter an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. 0.840
data$DescriptionAIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. 0.726
data$DescriptionAIX bugfiler program allows local users to gain root access. 0.968
data$DescriptionAIX infod allows local users to gain root access through an X display. 0.215
data$DescriptionAIX Licensed Program Product performance tools allow local users to gain root access. 0.899
data$DescriptionAIX nslookup command allows local users to obtain root access by not dropping privileges correctly. 0.424
data$DescriptionAIX passwd allows local users to gain root access. 0.817
data$DescriptionAIX piodmgrsu command allows local users to gain additional group privileges. 0.586
data$DescriptionAIX routed allows remote users to modify sensitive files. <2e-16
data$DescriptionAlibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. <2e-16
data$DescriptionAlibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL. <2e-16
data$DescriptionAll records in a WINS database can be deleted through SNMP for a denial of service. 0.857
data$DescriptionAN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. 0.877
data$DescriptionAn account on a router, firewall, or other network device has a default, null, blank, or missing password. <2e-16
data$DescriptionAn account on a router, firewall, or other network device has a guessable password. <2e-16
data$DescriptionAn application-critical Windows NT registry key has an inappropriate value. <2e-16
data$DescriptionAn application-critical Windows NT registry key has inappropriate permissions. <2e-16
data$DescriptionAn attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. 0.951
data$DescriptionAn attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled. <2e-16
data$DescriptionAn attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). <2e-16
data$DescriptionAn attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. 0.920
data$DescriptionAn event log in Windows NT has inappropriate access permissions. <2e-16
data$DescriptionAn example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. 0.829
data$DescriptionAn incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. <2e-16
data$DescriptionAn incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. <2e-16
data$DescriptionAn incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. 0.938
data$DescriptionAn incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. <2e-16
data$DescriptionAn incorrect configuration of the Webcart CGI program could disclose private information. <2e-16
data$DescriptionAn incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. <2e-16
data$DescriptionAn NIS domain name is easily guessable. <2e-16
data$DescriptionAn SNMP community name is guessable. <2e-16
data$DescriptionAn SNMP community name is the default (e.g. public), null, or missing. <2e-16
data$DescriptionAn SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. 0.861
data$DescriptionAn SSH server allows authentication through the .rhosts file. <2e-16
data$DescriptionAn unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. <2e-16
data$DescriptionAn X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. 0.837
data$DescriptionAnonymous FTP is enabled. <2e-16
data$DescriptionAnyForm CGI remote execution. 0.755
data$DescriptionApache allows remote attackers to conduct a denial of service via a large number of MIME headers. <2e-16
data$DescriptionApache httpd cookie buffer overflow for versions 1.1.1 and earlier. 0.978
data$DescriptionArbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. 0.730
data$DescriptionArbitrary command execution via IMAP buffer overflow in authenticate command. 0.815
data$DescriptionArbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail. 0.617
data$DescriptionArbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX. 0.810
data$DescriptionArkiea nlservd allows remote attackers to conduct a denial of service. 0.853
data$DescriptionAttackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool. 0.832
data$DescriptionAttackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. 0.933
data$DescriptionAttackers can do a denial of service of IRC by crashing the server. <2e-16
data$DescriptionAutomount daemon automountd allows local or remote users to gain privileges via shell metacharacters. 0.864
data$DescriptionBash treats any character with a value of 255 as a command separator. 0.573
data$DescriptionBMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service. 0.863
data$DescriptionBMC Patrol allows remote attackers to gain access to an agent by spoofing frames. 0.842
data$DescriptionBNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. 0.885
data$DescriptionBNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters. 0.918
data$DescriptionBonk variation of teardrop IP fragmentation denial of service. <2e-16
data$DescriptionBuffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. 0.884
data$DescriptionBuffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. 0.872
data$DescriptionBuffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names. 0.918
data$DescriptionBuffer overflow in AIX dtterm program for the CDE. 0.894
data$DescriptionBuffer overflow in AIX ftpd in the libc library. 0.848
data$DescriptionBuffer overflow in AIX lchangelv gives root access. 0.849
data$DescriptionBuffer overflow in AIX libDtSvc library can allow local users to gain root access. <2e-16
data$DescriptionBuffer overflow in AIX lquerylv program gives root access to local users. 0.803
data$DescriptionBuffer overflow in AIX rcp command allows local users to obtain root access. 0.926
data$DescriptionBuffer overflow in AIX writesrv command allows local users to obtain root access. 0.994
data$DescriptionBuffer overflow in AIX xdat gives root access to local users. 0.828
data$DescriptionBuffer overflow in ALMail32 POP3 client via From: or To: headers. <2e-16
data$DescriptionBuffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. <2e-16
data$DescriptionBuffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. 0.867
data$DescriptionBuffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username. 0.817
data$DescriptionBuffer overflow in BIND 8.2 via NXT records. 0.826
data$DescriptionBuffer overflow in BNC IRC proxy allows remote attackers to gain privileges. 0.917
data$DescriptionBuffer overflow in BNU UUCP daemon (uucpd) through long hostnames. 0.850
data$DescriptionBuffer overflow in bootpd 2.4.3 and earlier via a long boot file location. 0.883
(Intercept) ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0022. Reason: This candidate is a duplicate of CVE-1999-0022. Notes: All CVE users should reference CVE-1999-0022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0315. Reason: This candidate's original description had a typo that delayed it from being detected as a duplicate of CVE-1999-0315. Notes: All CVE users should reference CVE-1999-0315 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1584, CVE-1999-1586. Reason: This candidate combined references from one issue with the description from another issue. Notes: Users should consult CVE-1999-1584 and CVE-1999-1586 to obtain the appropriate name. All references and descriptions in this candidate have been removed to prevent accidental usage. ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. It might be more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A hacker utility, back door, or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. Notes: the former description is: "A service may include useful information in its banner or help function (such as the name and version), making it useful for information gathering activities." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to DNS service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NETBIOS is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NIS is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A database service is running, e.g. a SQL server, Oracle, or mySQL." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A POP service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A Windows NT Primary Domain Controller (PDC) or Backup Domain Controller (BDC) is present." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "DCOM is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The bootparam (bootparamd) service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FSP service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FTP service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The HTTP/WWW service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The IMAP service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The IRC service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The LDAP service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The NFS service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The NNTP news service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SMTP service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SNMP service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SSH service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The Telnet service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The TFTP service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The X Windows service is running." ***
data$Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The X25 service is running." ***
data$Description.reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. ***
data$Description64 bit Solaris 7 procfs allows local users to perform a denial of service.
data$DescriptionA buffer overflow in lsof allows local users to obtain root privilege.
data$DescriptionA buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.
data$DescriptionA buffer overflow in the SGI X server allows local users to gain root access through the X server font path.
data$DescriptionA bug in Cyrix CPUs on Linux allows local users to perform a denial of service.
data$DescriptionA component service related to NIS+ is running. ***
data$DescriptionA configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. ***
data$DescriptionA default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
data$DescriptionA default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.
data$DescriptionA default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.
data$DescriptionA DNS server allows inverse queries. ***
data$DescriptionA DNS server allows zone transfers. ***
data$DescriptionA filter in a router or firewall allows unusual fragmented packets. ***
data$DescriptionA hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. ***
data$DescriptionA kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.
data$DescriptionA later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. ***
data$DescriptionA legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
data$DescriptionA mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. ***
data$DescriptionA malicious Palace server can force a client to execute arbitrary programs.
data$DescriptionA memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections. ***
data$DescriptionA NETBIOS/SMB share password is guessable. ***
data$DescriptionA NETBIOS/SMB share password is the default, null, or missing. ***
data$DescriptionA network intrusion detection system (IDS) does not properly handle data within TCP handshake packets. ***
data$DescriptionA network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection. ***
data$DescriptionA network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers. ***
data$DescriptionA network intrusion detection system (IDS) does not properly reassemble fragmented packets. ***
data$DescriptionA network intrusion detection system (IDS) does not verify the checksum on a packet. ***
data$DescriptionA network service is running on a nonstandard port. ***
data$DescriptionA password for accessing a WWW URL is guessable. ***
data$DescriptionA quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user.
data$DescriptionA race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.
data$DescriptionA race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail.
data$DescriptionA race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. ***
data$DescriptionA race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
data$DescriptionA race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server.
data$DescriptionA race condition in the Solaris ps command allows an attacker to overwrite critical files.
data$DescriptionA remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
data$DescriptionA remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares. ***
data$DescriptionA remote attacker can read information from a Netscape user's cache via JavaScript.
data$DescriptionA remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso. ***
data$DescriptionA router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts. ***
data$DescriptionA router's routing tables can be obtained from arbitrary hosts. ***
data$DescriptionA router or firewall allows source routed packets from arbitrary hosts. ***
data$DescriptionA router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of. ***
data$DescriptionA router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc. ***
data$DescriptionA Sendmail alias allows input to be piped to a program. ***
data$DescriptionA service or application has a backdoor password that was placed there by the developer. ***
data$DescriptionA superfluous NFS server is running, but it is not importing or exporting any file systems. ***
data$DescriptionA system-critical NETBIOS/SMB share has inappropriate access control. ***
data$DescriptionA system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete. ***
data$DescriptionA system-critical program, library, or file has a checksum or other integrity measurement that indicates that it has been modified. ***
data$DescriptionA system-critical Unix file or directory has inappropriate permissions. ***
data$DescriptionA system-critical Windows NT file or directory has inappropriate permissions. ***
data$DescriptionA system-critical Windows NT registry key has an inappropriate value. ***
data$DescriptionA system-critical Windows NT registry key has inappropriate permissions. ***
data$DescriptionA system does not present an appropriate legal message or warning to a user who is accessing it. ***
data$DescriptionA system is operating in "promiscuous" mode which allows it to perform packet sniffing. ***
data$DescriptionA system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6. ***
data$DescriptionA trust relationship exists between two Unix hosts. ***
data$DescriptionA Unix account has a default, null, blank, or missing password. ***
data$DescriptionA Unix account has a guessable password. ***
data$DescriptionA Unix account with a name other than "root" has UID 0, i.e. root privileges. ***
data$DescriptionA URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file. ***
data$DescriptionA version of finger is running that exposes valid user information to any entity on the network.
data$DescriptionA version of rusers is running that exposes valid user information to any entity on the network.
data$DescriptionA vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable. ***
data$DescriptionA weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.
data$DescriptionA weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. ***
data$DescriptionA Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.
data$DescriptionA Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire. ***
data$DescriptionA Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. ***
data$DescriptionA Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. ***
data$DescriptionA Windows NT administrator account has the default name of Administrator. ***
data$DescriptionA Windows NT domain user or administrator account has a default, null, blank, or missing password. ***
data$DescriptionA Windows NT domain user or administrator account has a guessable password. ***
data$DescriptionA Windows NT file system is not NTFS. ***
data$DescriptionA Windows NT local user or administrator account has a default, null, blank, or missing password. ***
data$DescriptionA Windows NT local user or administrator account has a guessable password. ***
data$DescriptionA Windows NT log file has an inappropriate maximum size or retention period. ***
data$DescriptionA Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. ***
data$DescriptionA Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. ***
data$DescriptionA Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. ***
data$DescriptionA Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. ***
data$DescriptionA Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking. ***
data$DescriptionA Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. ***
data$DescriptionA Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive. ***
data$DescriptionA Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.
data$DescriptionA Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
data$DescriptionA Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. ***
data$DescriptionA WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data. ***
data$DescriptionAAA authentication on Cisco systems allows attackers to execute commands without authorization.
data$DescriptionACC Tigris allows public access without a login.
data$DescriptionAccess violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
data$Descriptionadmintool in Solaris allows a local user to write to arbitrary files and gain root access.
data$DescriptionAfter an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.
data$DescriptionAIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled.
data$DescriptionAIX bugfiler program allows local users to gain root access.
data$DescriptionAIX infod allows local users to gain root access through an X display.
data$DescriptionAIX Licensed Program Product performance tools allow local users to gain root access.
data$DescriptionAIX nslookup command allows local users to obtain root access by not dropping privileges correctly.
data$DescriptionAIX passwd allows local users to gain root access.
data$DescriptionAIX piodmgrsu command allows local users to gain additional group privileges.
data$DescriptionAIX routed allows remote users to modify sensitive files. ***
data$DescriptionAlibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. ***
data$DescriptionAlibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL. ***
data$DescriptionAll records in a WINS database can be deleted through SNMP for a denial of service.
data$DescriptionAN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.
data$DescriptionAn account on a router, firewall, or other network device has a default, null, blank, or missing password. ***
data$DescriptionAn account on a router, firewall, or other network device has a guessable password. ***
data$DescriptionAn application-critical Windows NT registry key has an inappropriate value. ***
data$DescriptionAn application-critical Windows NT registry key has inappropriate permissions. ***
data$DescriptionAn attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.
data$DescriptionAn attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled. ***
data$DescriptionAn attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). ***
data$DescriptionAn attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.
data$DescriptionAn event log in Windows NT has inappropriate access permissions. ***
data$DescriptionAn example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.
data$DescriptionAn incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. ***
data$DescriptionAn incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. ***
data$DescriptionAn incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.
data$DescriptionAn incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. ***
data$DescriptionAn incorrect configuration of the Webcart CGI program could disclose private information. ***
data$DescriptionAn incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. ***
data$DescriptionAn NIS domain name is easily guessable. ***
data$DescriptionAn SNMP community name is guessable. ***
data$DescriptionAn SNMP community name is the default (e.g. public), null, or missing. ***
data$DescriptionAn SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
data$DescriptionAn SSH server allows authentication through the .rhosts file. ***
data$DescriptionAn unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. ***
data$DescriptionAn X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
data$DescriptionAnonymous FTP is enabled. ***
data$DescriptionAnyForm CGI remote execution.
data$DescriptionApache allows remote attackers to conduct a denial of service via a large number of MIME headers. ***
data$DescriptionApache httpd cookie buffer overflow for versions 1.1.1 and earlier.
data$DescriptionArbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program.
data$DescriptionArbitrary command execution via IMAP buffer overflow in authenticate command.
data$DescriptionArbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.
data$DescriptionArbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
data$DescriptionArkiea nlservd allows remote attackers to conduct a denial of service.
data$DescriptionAttackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool.
data$DescriptionAttackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.
data$DescriptionAttackers can do a denial of service of IRC by crashing the server. ***
data$DescriptionAutomount daemon automountd allows local or remote users to gain privileges via shell metacharacters.
data$DescriptionBash treats any character with a value of 255 as a command separator.
data$DescriptionBMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.
data$DescriptionBMC Patrol allows remote attackers to gain access to an agent by spoofing frames.
data$DescriptionBNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.
data$DescriptionBNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters.
data$DescriptionBonk variation of teardrop IP fragmentation denial of service. ***
data$DescriptionBuffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
data$DescriptionBuffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.
data$DescriptionBuffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.
data$DescriptionBuffer overflow in AIX dtterm program for the CDE.
data$DescriptionBuffer overflow in AIX ftpd in the libc library.
data$DescriptionBuffer overflow in AIX lchangelv gives root access.
data$DescriptionBuffer overflow in AIX libDtSvc library can allow local users to gain root access. ***
data$DescriptionBuffer overflow in AIX lquerylv program gives root access to local users.
data$DescriptionBuffer overflow in AIX rcp command allows local users to obtain root access.
data$DescriptionBuffer overflow in AIX writesrv command allows local users to obtain root access.
data$DescriptionBuffer overflow in AIX xdat gives root access to local users.
data$DescriptionBuffer overflow in ALMail32 POP3 client via From: or To: headers. ***
data$DescriptionBuffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. ***
data$DescriptionBuffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.
data$DescriptionBuffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username.
data$DescriptionBuffer overflow in BIND 8.2 via NXT records.
data$DescriptionBuffer overflow in BNC IRC proxy allows remote attackers to gain privileges.
data$DescriptionBuffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
data$DescriptionBuffer overflow in bootpd 2.4.3 and earlier via a long boot file location.
[ reached getOption("max.print") -- omitted 1613 rows ]
---
Signif. codes: 0 ‘***’ 0.001 ‘**’ 0.01 ‘*’ 0.05 ‘.’ 0.1 ‘ ’ 1
Residual standard error: 8.692e-12 on 6 degrees of freedom
Multiple R-squared: 1, Adjusted R-squared: 1
F-statistic: 7.304e+25 on 990 and 6 DF, p-value: < 2.2e-16
positions <- sample(nrow(data),size=floor((nrow(data)/4)*3))
training<- data[positions,]
testing<- data[-positions,]
Linear model
lm_fit<-lm(formula = Votes_r ~ Description_r + Status_r + References_r, data=training)
predictions<-predict(lm_fit,newdata=testing)
error<-sqrt((sum((testing$Votes_r-predictions)^2))/nrow(testing))
error
[1] 56.5068
Bagging function
library(foreach)
length_divisor<-6
iterations<-5000
predictions<-foreach(m=1:iterations,.combine=cbind) %do% {
training_positions <- sample(nrow(training), size=floor((nrow(training)/length_divisor)))
train_pos<-1:nrow(training) %in% training_positions
lm_fit<-lm(Votes_r ~ Description_r + Status_r + References_r,data=training[train_pos,])
predict(lm_fit,newdata=testing)
}
predictions<-rowMeans(predictions)
error<-sqrt((sum((testing$Votes_r-predictions)^2))/nrow(testing))
error
[1] 56.57869
Creating the First Ensemble Using Random Forest
#install.packages("randomForest")
library(randomForest)
rf_fit<-randomForest(Votes_r ~ Description_r + Status_r + References_r,data=training,ntree=500)
predictions<-predict(rf_fit,newdata=testing)
error<-sqrt((sum((testing$Votes_r-predictions)^2))/nrow(testing))
error
[1] 45.12506
first ensemble
length_divisor<-6
iterations<-5000
predictions<-foreach(m=1:iterations,.combine=cbind) %do% {
training_positions <- sample(nrow(training), size=floor((nrow(training)/length_divisor)))
train_pos<-1:nrow(training) %in% training_positions
lm_fit<-lm(Votes_r ~ Description_r + Status_r + References_r,data=training[train_pos,])
predict(lm_fit,newdata=testing)
}
lm_predictions<-rowMeans(predictions)
library(randomForest)
rf_fit<-randomForest(Votes_r ~ Description_r + Status_r + References_r,data=training,ntree=500)
rf_predictions<-predict(rf_fit,newdata=testing)
predictions<-(lm_predictions+rf_predictions)/2
error<-sqrt((sum((testing$Votes_r-predictions)^2))/nrow(testing))
error
[1] 48.92208
improving ensemble
predictions<-(lm_predictions+rf_predictions*9)/10
error<-sqrt((sum((testing$votes_rpredictions)^2))/nrow(testing))
error
[1] 0
Replacing linear Model with Support Vector
library(e1071)
svm_fit<-svm(Votes_r ~ Description_r + Status_r + References_r,data=training)
svm_predictions<-predict(svm_fit,newdata=testing)
error<-sqrt((sum((testing$Votes_r-svm_predictions)^2))/nrow(testing))
error
[1] 44.46861
bagging Svm technique
length_divisor<-6
iterations<-5000
predictions<-foreach(m=1:iterations,.combine=cbind) %do% {
training_positions <- sample(nrow(training), size=floor((nrow(training)/length_divisor)))
train_pos<-1:nrow(training) %in% training_positions
svm_fit<-svm(Votes_r ~ Description_r + Status_r + References_r,data=training[train_pos,])
predict(svm_fit,newdata=testing)
}
svm2_predictions<-rowMeans(predictions)
error<-sqrt((sum((testing$Votes_r-svm2_predictions)^2))/nrow(testing))
error
[1] 45.83003
predictions<-(svm_predictions+rf_predictions)/2
error<-sqrt((sum((testing$Votes_r-predictions)^2))/nrow(testing))
error
Defining the training controls for multiple models
library('caret')
fitControl <- trainControl(
method = "cv",
number = 3,
savePredictions = 'final',
classProbs = T)
#Defining the predictors and outcome
predictors<-c("Status_r", "References_r")
outcomeName<-'Votes_r'
#Spliting training set into two parts based on outcome: 75% and 25%
index <- createDataPartition(data$Votes_r, p=0.75, list=FALSE)
trainSet <- data[index,]
testSet <- data[-index, ]
head(trainSet)
train with random Forest
#Training the random forest model
model_rf<- train(trainSet[,predictors], trainSet[,outcomeName], method='rf', trControl=fitControl, tuneLength=3)
#Predicting using random forest model
testSet$pred_rf <-predict(object = model_rf,testSet[,predictors])
#testSet$pred_rf
#Checking the accuracy of the random forest model
identical(levels(testSet$pred_rf), levels(testSet$Votes_r))
#confusionMatrix(testSet$Votes_r, testSet$pred_rf)
confusionMatrix(factor(testSet$pred_rf, levels=min(testSet$Votes_r):max(testSet$Votes_r)),factor(testSet$Votes_r, levels=min(testSet$Votes_r):max(testSet$Votes_r)) )
str(as.factor(testSet$Votes_r))
Factor w/ 82 levels "1","2","3","8",..: 1 78 1 1 1 1 1 1 1 1 ...
str(as.factor(testSet$pred_rf))
Factor w/ 80 levels "0.999999999999833",..: 33 45 23 24 1 1 1 1 1 24 ...
table(factor(testSet$pred_rf, levels=min(testSet$Votes_r):max(testSet$Votes_r)),factor(testSet$Votes_r, levels=min(testSet$Votes_r):max(testSet$Votes_r)))
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67
using knn
model_knn<-train(trainSet[,predictors],trainSet[,outcomeName],method='knn',trControl=fitControl,tuneLength=3)
cannnot compute class probabilities for regression
#Predicting using knn model
testSet$pred_knn<-predict(object = model_knn,testSet[,predictors])
#Checking the accuracy of the random forest model
confusionMatrix(factor(testSet$pred_knn, levels=min(testSet$Votes_r):max(testSet$Votes_r)),factor(testSet$Votes_r, levels=min(testSet$Votes_r):max(testSet$Votes_r)))
Confusion Matrix and Statistics
Reference
Prediction 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
1 41 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Reference
Prediction 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0
2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Reference
Prediction 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0
2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Reference
Prediction 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162
1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
#Training the Logistic regression model
model_lr<-train(trainSet[,predictors],trainSet[,outcomeName],method='glm',trControl=fitControl,tuneLength=3)
cannnot compute class probabilities for regression
#Predicting using knn model
testSet$pred_lr<-predict(object = model_lr,testSet[,predictors])
#Checking the accuracy of the random forest model
confusionMatrix(testSet$Votes_r,testSet$pred_lr)
Error: `data` and `reference` should be factors with the same levels.
avearages and predicting probabilities
#Predicting the probabilities
testSet$pred_rf_prob<-predict(object = model_rf,testSet[,predictors],type='prob')
Error in predict.randomForest(modelFit, newdata, type = "prob") :
'prob' or 'vote' not meaningful for regression
weighted avaraging
#Taking weighted average of predictions
testSet$pred_weighted_avg<-(testSet$pred_rf_prob$Y*0.25)+(testSet$pred_knn_prob$Y*0.25)+(testSet$pred_lr_prob$Y*0.5)
Error in `$<-.data.frame`(`*tmp*`, pred_weighted_avg, value = numeric(0)) :
replacement has 0 rows, data has 249
installing the related packages. packages
#install.packages("gbm")
library(mlbench)
library(caret)
library(caretEnsemble)
i). Boosting Algorithms Building multiple models (typically of the same type) each of which learns to fix the prediction errors of a prior model in the chain.
control <- trainControl(method="repeatedcv", number=3, repeats=3)
seed <- 7
metric <- "Accuracy"
# C5.0
set.seed(seed)
fit.c50 <- train(Votes~ Description + Phase, data=data, method="C5.0", metric=metric, trControl=control)
# Stochastic Gradient Boosting
set.seed(seed)
fit.gbm <- train(Votes~Description_r + Phase_r, data=data, method="gbm", metric=metric, trControl=control, verbose=FALSE)
summary of both boosting methods
# summarize results
boosting_results <- resamples(list(c5.0=fit.c50, gbm=fit.gbm))
summary(boosting_results)
dotplot(boosting_results)
ii). Bagging Algorithms Let’s look at two of the most popular bagging machine learning algorithms:
1)Bagged CART b)Random Forest Below is an example of the Bagged CART and Random Forest algorithms in R. Both algorithms include parameters that are not tuned in this example.
control <- trainControl(method="repeatedcv", number=10, repeats=3)
seed <- 7
metric <- "Accuracy"
# Bagged CART
set.seed(seed)
fit.treebag <- train(Votes~Description + Status, data=data, method="treebag", metric=metric, trControl=control)
# Random Forest
set.seed(seed)
fit.rf <- train(Votes~Description + Status, data=data, method="rf", metric=metric, trControl=control)
# summarize results
bagging_results <- resamples(list(treebag=fit.treebag, rf=fit.rf))
summary(bagging_results)
dotplot(bagging_results)
You can combine the predictions of multiple caret models using the caretEnsemble package.
Given a list of caret models, the caretStack() function can be used to specify a higher-order model to learn how to best combine the predictions of sub-models together.
Let’s first look at creating 5 sub-models for the ionosphere dataset, specifically:
Linear Discriminate Analysis (LDA) Classification and Regression Trees (CART) Logistic Regression (via Generalized Linear Model or GLM) k-Nearest Neighbors (kNN) Support Vector Machine with a Radial Basis Kernel Function (SVM) Below is an example that creates these 5 sub-models. Note the new helpful caretList() function provided by the caretEnsemble package for creating a list of standard caret models
# Example of Stacking algorithms
# create submodels
control <- trainControl(method="repeatedcv", number=10, repeats=3, savePredictions=TRUE, classProbs=TRUE)
algorithmList <- c('lda', 'rpart', 'glm', 'knn', 'svmRadial')
set.seed(seed)
models <- caretList(Votes~Description + Status, data=data, trControl=control, methodList=algorithmList)
results <- resamples(models)
summary(results)
correlation between models
# correlation between results
modelCor(results)
splom(results)
we use the model object stored above in staking above to combine the prediction of lassifiers into general linear model
stackControl <- trainControl(method="repeatedcv", number=10, repeats=3, savePredictions=TRUE, classProbs=TRUE)
set.seed(seed)
stack.glm <- caretStack(models, method="glm", metric="Accuracy", trControl=stackControl)
print(stack.glm)
repeat the above code bu then using the rf as our classifier to combine the prediction
# stack using random forest
set.seed(seed)
stack.rf <- caretStack(models, method="rf", metric="Accuracy", trControl=stackControl)
print(stack.rf)
library(tidyverse) # for tidy data analysis
library(readr) # for fast reading of input files
library(mice)
identifying pattern in the dataset
md.pattern(data, plot = FALSE)
data explorationnwith this dataset
ggplot(data, aes(x = Status, fill = Status)) +
geom_bar()
ggplot(data, aes(x =Votes_r )) +
geom_histogram(bins = 10)
Features
gather(data, x, y, Status:Votes) %>%
ggplot(aes(x = y, color = as.factor(data$Phase), fill = as.factor(data$Phase))) +
geom_density(alpha = 0.3) +
facet_wrap( ~ x, scales = "free", ncol = 3)
Machine learning packages for r
Caret
#install.packages("doParallel")
library(doParallel)
cl <- makeCluster(detectCores())
registerDoParallel(cl)
library(caret)
Training, validation and test data
set.seed(42)
index <- createDataPartition(data$Votes, p = 0.7, list = FALSE)
train_data <- data[index, ]
test_data <- data[-index, ]
train_data
bind_rows(data.frame(group = "train", train_data),
data.frame(group = "test", test_data)) %>%
gather(x, y, train_data$Votes:train_dataStatus) %>%
ggplot(aes(x = y, color = group, fill = group)) +
geom_density(alpha = 0.3) +
facet_wrap( ~ x, scales = "free", ncol = 3)
Regression
set.seed(42)
model_glm <- caret::train(Votes ~ Status+ Description+Status,
data = train_data,
method = "glm",
preProcess = c("scale", "center"),
trControl = trainControl(method = "repeatedcv",
number = 4,
repeats = 10,
savePredictions = TRUE,
verboseIter = FALSE))
model_glm
predicting the model
predictions <- predict(model_glm, test_data)
Classification
library(rpart)
library(rpart.plot)
set.seed(42)
fit <- rpart(Votes ~ Status+ Description+Status,
data = train_data,
method = "class",
control = rpart.control(xval = 10,
minbucket = 2,
cp = 0),
parms = list(split = "information"))
rpart.plot(fit, extra = 100)
Random forest
#install.packages("kernlab")
#install.packages("caret")
#install.packages("tm")
#install.packages("dplyr")
#install.packages("splitstackshape")
#install.packages("e1071")
library("kernlab")
library("caret")
library("tm")
library("dplyr")
library("splitstackshape")
library("e1071")
creating a new dataframe and split it inorder to gt the train and set data, that can be used as Vcorpus. In order to import a datafraem using a DataframeSOurce function we need to format the data, so that it contains doc_id as the column name, and also the text as the second column. In this case we will import subset only two column from
df <- data %>%
select(doc_id =Name,text= Comments)
head(df)
index <- createDataPartition(df$text, p = 0.7, list = FALSE)
Some classes have a single record ( Baker> Although newer versions on snmp are not as vulnerable as prior versions, | this can still be a significant risk of exploitation, as seen in recent | attacks on snmp services via automated worms | Christey> XF:snmp(132) ? | Prosser> This fits the "exposure" description although we also know there are many vulnerabilities in SNMP. This is more of a policy/best practice issue for administrators. If you need SNMP lock it down as tight as you can, if you don't need it, don't run it., Balinsky> Don't know what this is. Is this the LIST Core dump vulnerability? | Christey> Need to add more references and details., Blake> RHSA-1999:017-01 describes "potential security problem fixed" in the | absence of knowing whether or not the problems actually existed, I don't | think we have an entry here. | Frech> XF:redhat-net-tool-bo, Blake> This obscurely-written advisory seems to state that COAS will make the | file world-readable, not that it allows the user to make it so. I hardly | think that allowing the user to turn off security is a vulnerability. | Christey> It's difficult to write the description based on what's in | the advisory. If COAS inadvertently changes permissions | without user confirmation, then it should be ACCEPTed with | appropriate modification to the description. | Christey> ADDREF BID:137 | CHANGE> [Armstrong changed vote from REVIEWING to NOOP], CHANGE> [Frech changed vote from REVIEWING to ACCEPT], CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:access-weak-passwords(1774) | An older published reference (from our own Adam) would be | better: | ailab.coderpunks Newsgroup, 1998/06/23 "Re: MS Access 2.0" | http://x15.dejanews.com/[ST_rn=ps]/getdoc.xp?AN=365308578&CONTEXT=9192 | 07028.1462108427&hitnum=1, CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:ascend-config-kill(889) | XF:cisco-ios-crash(1238) | XF:webramp-remote-access(1670) | XF:ascom-timeplex-debug(1824) | XF:netopia-unpassworded(1850) | XF:cisco-web-crash(1886) | XF:cisco-router-commands(1951) | XF:motorola-cable-default-pass(2002) | XF:default-flowpoint(2091) | XF:netgear-router-idle-dos(4003) | XF:cisco-cbos-telnet(4251) | XF:routermate-snmp-community(4290) | XF:cayman-router-dos(4479) | XF:wavelink-authentication(5185) | XF:ciscosecure-ldap-bypass-authentication(5274) | XF:foundry-firmware-telnet-dos(5514) | XF:netopia-view-system-log(5536) | XF:cisco-webadmin-remote-dos(5595) | XF:cisco-cbos-web-access(5626) | XF:netopia-telnet-dos(6001) | XF:cisco-sn-gain-access(6827) | XF:cayman-dsl-insecure-permissions(6841) | XF:linksys-etherfast-reveal-passwords(6949) | XF:zyxel-router-default-password(6968) | XF:cisco-cbos-web-config(7027) | XF:prestige-wan-bypass-filter(7146) | Christey> I changed the description to make it more explicit that this | candidate is about router configuration, as opposed to | vulnerabilities that accidentally make a configuration | service accessible to anyone., CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:linux-autofs-bo(8365), CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:linux-ports-dos(8364), Christey> A Bugtraq posting indicates that the bug has to do with | "short packets with certain options set," so the description | should be modified accordingly. | | But is this the same as CVE-1999-0052? That one is related | to nestea (CVE-1999-0257) and probably the one described in | BUGTRAQ:19981023 nestea v2 against freebsd 3.0-Release | The patch for nestea is in ip_input.c around line 750. | The patches for CVE-1999-0001 are in lines 388&446. So, | CVE-1999-0001 is different from CVE-1999-0257 and CVE-1999-0052. | The FreeBSD patch for CVE-1999-0052 is in line 750. | So, CVE-1999-0257 and CVE-1999-0052 may be the same, though | CVE-1999-0052 should be RECAST since this bug affects Linux | and other OSes besides FreeBSD. | Frech> XF:teardrop(338) | This assignment was based solely on references to the CERT advisory. | Christey> The description for BID:190, which links to CVE-1999-0052 (a | FreeBSD advisory), notes that the patches provided by FreeBSD in | CERT:CA-1998-13 suggest a connection between CVE-1999-0001 and | CVE-1999-0052. CERT:CA-1998-13 is too vague to be sure without | further analysis., Christey> A content decision (CD:CF-DATA) needs to be reviewed | and accepted by the Editorial Board in order to resolve | this question., Christey> Add "back door" to description., Christey> Add "X11" to facilitate search., Christey> ADDREF BID:1441 | URL:http://www.securityfocus.com/bid/1441 | Dik> If you run with "-ypset", then you're always insecure. | With ypsetme, only root on the local host | can run ypset in Solaris 2.x+. | Probably true for SunOS 4, hence my vote. | CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> ADDREF XF:ypbind-ypset-root | CHANGE> [Dik changed vote from REVIEWING to ACCEPT] | Dik> This vulnerability does exist in SunOS 4.x in non default configurations. | In Solaris 2.x, the vulnerability only applies to files named "cache_binding" | and not all files ending in .2 | Both releases are not vulnerable in the default configuration (both | disabllow ypset by default which prevents this problem from occurring), Christey> ADDREF CIAC:J-043 | URL:http://ciac.llnl.gov/ciac/bulletins/j-043.shtml | Also add "banner" to the description to facilitate search. | Baker> Should be in place where ever it is possible, Christey> aka "shell" on UNIX systems (at least Solaris) in the | /etc/inetd.conf file. | Frech> associated to: | XF:nt-rlogin(92) | XF:rsh-svc(114) | XF:rshd(2995), Christey> BID:1760 | URL:http://www.securityfocus.com/bid/1760 | Frech> XF:unitymail-web-dos(1630), Christey> BID:276 | URL:http://www.securityfocus.com/vdb/bottom.html?vid=276 | Frech> XF:novell-tts-dos, Christey> BUGTRAQ:19961126 Security Problems in XMCD 2.1 | A followup to this post says that xmcd is not suid here., Christey> change description - anyone can log on *as* root | Frech> (Note: this XF also cataloged under CVE-1999-0508.), Christey> CVE-1999-0287 is probably a duplicate of CVE-1999-0467. In | NTBUGTRAQ:19990409 Webcom's CGI Guestbook for Win32 web servers | Mnemonix says that he had previously reported on a similar | problem. Let's refer to the NTBugtraq posting as | CVE-1999-0467. We will refer to the "previous report" as | CVE-1999-0287, which can be found at: | http://oliver.efri.hr/~crv/security/bugs/NT/httpd41.html | | 0287 describes an exploit via the "template" hidden variable. | The exploit describes manually editing the HTML form to | change the filename to read from the template variable. | | The exploit as described in 0467 encodes the template variable | directly into the URL. However, hidden variables are also | encoded into the URL, which would have looked the same to | the web server regardless of the exploit. Therefore 0287 | and 0467 are the same. | Christey> | The CD:SF-EXEC content decision also applies here. We have 2 | programs, wguest.exe and rguest.exe, which appear to have the | same problem. CD:SF-EXEC needs to be accepted by the Editorial | Board before this candidate can be converted into a CVE | entry. When finalized, CD:SF-EXEC will decide whether | this candidate should be split or not. | Christey> BID:2024, Christey> CVE-1999-0948 and CVE-1999-0949 are extremely similar. | uum (0948) is exploitable through a different set of options | than canuum (0949). If it's the same generic option parsing | routine used by both programs, then CD:SF-CODEBASE says to | merge them. But if it's not, then CD:SF-LOC and CD:SF-EXEC | says to split them. Ho
train_data <- df[index, ]
test_data <- df[-index, ]
train_data
1.ingest your training data and clean it.
train <- VCorpus(DataframeSource(train_data), readerControl=list(language="English"))
train <- tm_map(train, content_transformer(stripWhitespace))
train <- tm_map(train, content_transformer(tolower))
train <- tm_map(train, content_transformer(removeNumbers))
train <- tm_map(train, content_transformer(removePunctuation))
train.dtm <- as.matrix(DocumentTermMatrix(train, control=list(wordLengths=c(1,Inf))))
train.dtm
Terms
Docs a able abnormally about above absence absolutely abstain abstraction accept
Terms
Docs acceptable accepted accepting access accessed accessible accidentally
Terms
Docs accomplish accomplished according accordingly account accounts acknowledge
Terms
Docs acknowledged acknowledgement acquired across acted acting action actions
Terms
Docs active activex activities actual actually adam adapted add added adding
Terms
Docs addition additional addref addrefxfelmfilter address addressed addresses
Terms
Docs addressing admin admind administrator administrators admins advanced
Terms
Docs advisories advisory affect affected affects after again against agree ah
Terms
Docs ailabcoderpunks aix aka ala albeit aleph alert alias alibaba alibabapl all
Terms
Docs allaire allman allow allowed allowing allows alluded alludes almost along
Terms
Docs alpha already also altering alternately although always am ambiguous amount
Terms
Docs an analysis ancient and andor andre andres announcements anon anonymously
Terms
Docs another any anymore anyone anything anyway anywhere aol apache apars apparent
Terms
Docs apparently appear appears appended appending application applicationlevel
Terms
Docs applications applied applies apply appreciate appreciated appropriate
Terms
Docs approved apps april arbitrary archive archives are area arena arent argue
Terms
Docs argument arises arithmetic armstrong arne arnes around arp array article
Terms
Docs articles as asb ascend ash ask asked assign assigned assigning assignment
Terms
Docs associated assume assuming assumption at ataris attached attachment attack
Terms
Docs attacked attacker attackers attackexploit attacks attempt attempted attempts
Terms
Docs audio august auscert auscertaa authentication author authorized authors
Terms
Docs automated available back backdoors bad baker balinsky banner base based
Terms
Docs basement bash basically bauuibkacatmaticbuglisthtm be because becomes been
Terms
Docs before begins behavior being believe believed belive belong below bernstein
Terms
Docs berstein besides best beta better between beyond bid biggest bill bishop bit
Terms
Docs blake blamed blank bmc bo board bogus boguspl boink bollinger bomb bonk bonkc
Terms
Docs bootp bootpd bootpdc border bored bos both bother boundaries box boxes brian
Terms
Docs brief broad broswer browser browsing bsd bsdi bsdos btw buffer bug bugs
Terms
Docs bugtgraq bugtraq bugtraqjan builtin bulletin bulletins burnett burnetts but
Terms
Docs by bypasscircumvention bypassestricks byte bytecode c ca cachebinding
Terms
Docs calculation calderacssa call called calling came campaign can candidate
Terms
Docs candidates canna cannot canonicalize cans cant canuum capability capable
Terms
Docs captures cardinality cards carefully carts case cases casper caspers caswell
Terms
Docs cataloged category cause caused causes cc ccwhoismeta cdcfdata cdcfpass
Terms
Docs cddiscoverydate cde cdhighcard cdrom cdsfcodebase cdsfexec cdsfloc ce cert
Terms
Docs certain certca certcardist certvb cf cfinger cfm cgi cgibin cgidatainwebtree
Terms
Docs cgis change changed changelog changelogs changeref changes changing character
Terms
Docs characteristics characters check checking checks checksum chkperm choices
Terms
Docs choosing christey christeys christmas ciac ciacf ciacg ciach ciacia ciacj
Terms
Docs ciel circa circumvents cisco ciscosecure cite claim claiming claims
Terms
Docs clarification clarify class clear clearer clearly cleartext client
Terms
Docs clientserver clientside clipboard close closely closest cluster coas code
Terms
Docs codebase codebases codebrwasp coexistence cole com combinations combine
Terms
Docs combined combines combining come coming commands comment commented comments
Terms
Docs commodore common community companies company competition complain complete
Terms
Docs completely complicate component compromise compulink computer coms concern
Terms
Docs concerns concur conditions conference confidence configuration
Terms
Docs configurationrelated configurations configured confirm confirmation confirmed
Terms
Docs confirmftpftpscocomssessetarz
Terms
Docs confirmhttpwwwsecurityfocuscomframescontenttemplatesarchivepikeflistdmsgdqmailsecurityfocuscom
Terms
Docs confirms confused confusing confusion conjunction connected connection
Terms
Docs connections consequences consequently consider consideration considered
Terms
Docs considering consist consistency consistent constitute construct constructed
Terms
Docs construction consultation consulting consume contain contains content
Terms
Docs contentlength contenttype control controlittm controlled converted cookie
Terms
Docs cookies copied copy core corollary correct corrected correctly could count
Terms
Docs cover covered covers crash crazy create created creates creation criteria
Terms
Docs critical cross crossframe crossing crossreferenced cs cstm current currently
Terms
Docs cve cybercop d dacread daemon dan data database databases datagram date dated
Terms
Docs dates dave david day days ddatedmsgdebaedatashopperdk deals death debatable
Terms
Docs debate debian debians debug debugging dec december decide decision decisions
Terms
Docs deep deerfield default defaults defect defensive defer define defined defines
Terms
Docs defining definition delay delete delref delrefxfelmfilter demand denial
Terms
Docs denialofservice denom deny dependent depending depends derivative desc
Terms
Docs describe described describes describing description descriptionreferences
Terms
Docs descriptor design detail details detected detection determine determined
Terms
Docs determines determining devastated device df dgux diagnostics dicsovery
Terms
Docs dictate did didnt difference differences different differentiate diffferent
Terms
Docs difficult dig digging dik diks direct directly directories directory
Terms
Docs directorypaths disabllow disagree discloser disclosure discontinued
Terms
Docs discovered discovery discrete discretion discuss discussed discusses
Terms
Docs discussion disk displayopenedfilecfm distinct distinction distinguish
Terms
Docs distributed distribution distro dns do documentation documented does doesnt
Terms
Docs dog domain done dont door dos doses dot dotappending down download draft
Terms
Docs drafting drive drives dtaction dtactionbo dtmail dtmailpr dtmailptr due dump
Terms
Docs duncan dup dupe duplicate duplicates duplicatesubsumed duration during each
Terms
Docs earlier early easily easy echo echochargen ecurity editing editorial effect
Terms
Docs effectively eg either elements elias else email emerging employed enable
Terms
Docs enabled encoded encodes encryption end ending enforce engine enhancement
Terms
Docs enough entering enterprise entirely entity entries entry enumerate
Terms
Docs environmental environments equals equivalent er eric error ers esb esmtp
Terms
Docs especially establish etc etcinetdconf etcsecuritytcbprivs etcshadow eudora
Terms
Docs evade evaluator even event eventually ever every everyone evidence exact
Terms
Docs exactly examination examine example exceeds exec executable executables
Terms
Docs execute executed exercise exhaustion exhibiting exist existance existed
Terms
Docs existence existing exists expanded expect experiment expiration expires
Terms
Docs explain explicit explicitly exploit exploitable exploitation exploited
Terms
Docs exploiting exploits explorer expn exportable exposing exposure exposures
Terms
Docs exprcalccfm express expression expstr extend external extreme extremely
Terms
Docs eyedog f facilitate fact fail failure falls familar far fashion fat feature
Terms
Docs features feb february feedback feel few ffingerd ffingerds figure file
Terms
Docs filename filenames files filling final finalized finally find findable fine
Terms
Docs finger fingerd fingered fingerprinting firewall firewalls first fit fits fix
Terms
Docs fixed fixes fixing fixup flaw flaws flood flooding floppy foat focus folks
Terms
Docs follow followed following followon followup followups foojthml for forced
Terms
Docs form formation formatted forms forthcoming forwarding forwards found frag
Terms
Docs fragment fragmentation fragmented fragments frech free freebsd fresh from
Terms
Docs frontend froze frozen ftp ftpanon
Terms
Docs ftpciacllnlgovpubciacbulletincfycciacsunosnispatch
Terms
Docs ftpftpauscertorgaupubauscertadvisoryaahpuxremotewatchvul
Terms
Docs ftpftpauscertorgaupubauscertesbesb
Terms
Docs ftpftpauscertorgaupubauscertpapersunixsecuritychecklist
Terms
Docs ftpftpisieduinnotesrfctxt ftpftpscocomssesecuritybulletinssba
Terms
Docs ftpftpscocomssesecuritybulletinssbb ftpftpscocomssesecuritybulletinssbc
Terms
Docs ftppatchessgicomsupportfreesecurityadvisoriespx ftpwritabledirectory ftpwrite
Terms
Docs function functional functionality fundamental further furthermore future g
Terms
Docs gain gaining games gathering general generate generated generator generators
Terms
Docs generic georgi get getexe gets getting give given glance gmt godot
Terms
Docs goexpresscom going gone good got gpinesunadfwdfwnet great greater group
Terms
Docs groupwise guess guessable guessed guestbook guidance guninski guy hack had
Terms
Docs hadnt half halt hand handle handlerequest handling handshake happen hardly
Terms
Docs hardware has hat have havent having he header headeridentical headers helo
Terms
Docs help hence herbert herbertdebianorg here heres hidden hide hiding high
Terms
Docs highcard highest highlevel hijacker his hitnum hodgepodge hole horse host
Terms
Docs hosts hotfix hotmail hour house how however hp hphpsbux hpsbux hpux html http
Terms
Docs httparchivesneohapsiscomarchivesbugtraqhtml httpcgiccwhois
Terms
Docs httpcgimattswhoismeta httpcginessusorgpluginsdumpphpid
Terms
Docs httpciacllnlgovciacbulletinsfshtml httpciacllnlgovciacbulletinshshtml
Terms
Docs httpciacllnlgovciacbulletinsiashtml httpcryptoqmailvenemahtml
Terms
Docs httpcvemitreorgboardsponsorsarchivesmsghtml httpeuropesupportexternalhpcom
Terms
Docs httpfreshmeatnetnewshtml httphqmcafeeasapcomvulnerabilitiesvulndataasp
Terms
Docs httplinuxxlockexploittxt httpmarctheaimsgroupcomlbugtraqmw
Terms
Docs httpmarctheaimsgroupcomlntbugtraqmw httpmarctheaimsgroupcomlvulndevmw
Terms
Docs httpmdaemondeerfieldcomhelpdeskhotfixcfm httpncsalongurl
Terms
Docs httpoliverefrihrcrvsecuritybugsnthttpdhtml httppltplpnetippldocshistory
Terms
Docs httpport httprouteripanytext
Terms
Docs httpsunsolvesuncompubcgiretrievepldoctypecolldocsecbulltypenavsecsba
Terms
Docs httpsupportmicrosoftcomsupportkbarticlesqasp httpussupportexternalhpcom
Terms
Docs httpwuarchivewustledumirrorsnetbsdnetbsdcurrentpkgsrcinputmethodcanuumreadmehtml
Terms
Docs httpwwwallairecomhandlersindexcfmid httpwwwauscertorgau
Terms
Docs httpwwwcertorgadvisoriescahtml httpwwwcertorgftpcertbulletinsvbaelm
Terms
Docs httpwwwcertorgvendorbulletinsvbaelm httpwwwcertorgvendorbulletinsvbhp
Terms
Docs httpwwwciscocomwarppubliciostelnetoptpubshtml httpwwwdebianorgsecuritya
Terms
Docs httpwwwgeocrawlercomarchives
Terms
Docs httpwwwibmcomservicescontinuityrecovernsfadvisoriesaebffefileersoaretxt
Terms
Docs httpwwwipnsacomipnsavulnhtmstep httpwwwlarvenetippl
Terms
Docs httpwwwmicrosoftcomsecuritybulletinsmsasp
Terms
Docs httpwwwomnicronabcahttpddocsreleasehtml httpwwwomnicronabcaindexhtml
Terms
Docs httpwwwornlgovitsarchivesmailinglistsqmailthreadshtml
Terms
Docs httpwwwquikstorecomhelppagesconfigurationconfigparametersfullhtm
Terms
Docs httpwwwquikstorecomhelppagessecuritysecurityhtm
Terms
Docs httpwwwredhatcomsupporterratarherratageneralhtmlbootp httpwwwsecurityfocuscom
Terms
Docs httpwwwsecurityfocuscomarchive httpwwwsecurityfocuscombid
Terms
Docs httpwwwsecurityfocuscomfocusmicrosoftiisshowcodehtml
Terms
Docs httpwwwsecurityfocuscomframescontenttemplatesarchivepikeflist
Terms
Docs httpwwwsecurityfocuscomtemplatesadvisoryhtmlid
Terms
Docs httpwwwsecurityfocuscomtemplatesarchivepikelistdate
Terms
Docs httpwwwsecurityfocuscomtemplatesarchivepikelistdatems
Terms
Docs httpwwwsecurityfocuscomtemplatesarchivepikelistdatemsghjibxnojlaccojp
Terms
Docs httpwwwsecurityfocuscomtemplatesarchivepikelistdatemsgpinebsfqaapollotomconet
Terms
Docs httpwwwsecurityfocuscomtemplatesarchivepikelistdatemsgpinelnxjundergroundorg
Terms
Docs httpwwwsecurityfocuscomtemplatesarchivepikelistdatethreadkaabedbugsnetohiostateedu
Terms
Docs httpwwwsendmailorgcaemailspamhtml
Terms
Docs httpwwwsuncomsoftwarejwebservertechinfojwsinfohtml
Terms
Docs httpwwwsuncomsoftwarejwebservertechinfosecurityadvisoryhtml
Terms
Docs httpwwwtechnotroniccomrhinoadvisorieshtm httpwwwwftpdcom
Terms
Docs httpxdejanewscomstrnpsgetdocxpancontext httpxforceissnetalertsadvisephp
Terms
Docs httpxforceissnetstaticphp htype hÿbner i iana iceberg icenewk icmp id idea
Terms
Docs ideas identical identification identified identifies identify identifying
Terms
Docs identity idnet ids ie if iirc iis iisfix ilk ill im img impact impacted
Terms
Docs implementation implementations implements implicitly implies important
Terms
Docs impractical improper improperly in inability inadvertently inappropriate
Terms
Docs inasmuch incident incidentally include included includes including inclusion
Terms
Docs inconsequential incorrect increase increasing incredibly independent
Terms
Docs independently index indicate indicated indicates indications individual
Terms
Docs individually inetdconf inferred infinite info information infovulnerability
Terms
Docs initial initially injected inpopd input insecure inside installed instance
Terms
Docs instances instant instead insufficient intact intended intends intent
Terms
Docs intention intentionally interaction interest interesting interface internet
Terms
Docs interpretations interpreted interpreters into intrinsic introduce introduced
Terms
Docs invalid involved involves involving ios ip ipfragmentc ipinputc ippl iptcp
Terms
Docs irc ircd irix is isnt isolate isps iss isshidden issue issued issues it item
Terms
Docs its itself ive j january japanese java javascript jet jim jolt july june just
Terms
Docs justiying jws kb kcmsconfigure keep keeping kernel kevins key keys keywords
Terms
Docs kill kills kind kit know knowing knowledge knowledgeable known ksh lack
Terms
Docs landfield language large larger laserfiche last late later latest launching
Terms
Docs laundry lcmessages lead leads least leave leaving leblanc lemson length less
Terms
Docs let lets letters level levy levys libc libdtsvca liberally libnsl libnslso
Terms
Docs libpcap library light like likely limit limited limits line lines linii link
Terms
Docs linked links linux linuxsecurity linuxsuperbo linuxsuperloggingbo list listed
Terms
Docs listings lists little loa loadmodule loadmodulemodload local location lock
Terms
Docs locking lockout lockouts log logged logging logins loginscheme logon long
Terms
Docs longer look looked looking looks lookup loop loosely lot lots lotus low
Terms
Docs lowercase lpd lpht lpstat lucy m machine machines machineservice made madness
Terms
Docs mail mailing maintained maintaining make making malformed malicious
Terms
Docs malllogfilesorderlog man management manager manifests manner manually many
Terms
Docs mapping mappings march mark marked markus match matches matching materially
Terms
Docs may maybe mdaemon me mean meaningless means meant meantime measurable media
Terms
Docs meet memory mention mentioned mentions merge merged merging merry message
Terms
Docs messages messanger messenger metacharacter metacharacters metachars method
Terms
Docs methods meunier microsft microsoft microsoftiis microsofts might mike mikes
Terms
Docs mime minimum minor misc mischttpoliverefrihrcrvsecuritybugslinuxipfraghtml
Terms
Docs mischttppulhasorgxploitsdbmunixesadmindhtml mischttppulhasxploitsdbntiishtml
Terms
Docs mischttpsecurityarchivemertonoxacukntsecurityhtml
Terms
Docs mischttpwwwinsecureorgnmapnmapfingerprintingarticlehtml
Terms
Docs mischttpwwwsecurityfocuscominfocus missing mk mktemp mnemonix mode model
Terms
Docs modem modems modes modification modifications modified modify modifying
Terms
Docs modules moment monitored monitoring month more moreover most mount mpras ms
Terms
Docs msg msgpinelnxviteluscom mshtml msiebo mskb mskbq msms msrc mstm mtu much
Terms
Docs mulitple multifaceted multihomed multiple must my n nai name named names
Terms
Docs narrower nat natural nature nay ncode ncr necessarily necessarly necessary
Terms
Docs need needed needs neither nestea nesteanesteav netbios netbsd netbsdnetbsdsa
Terms
Docs netkitftp netmask netpath netstd netstdslinkdiff network networks never new
Terms
Docs newer news newsgroup newtear nfr nfs nix nixs nlspath nmap no nobody nobuo
Terms
Docs non nonalphanumeric nonanon noncritical nondefault nonstandard nonswitched
Terms
Docs noop nor normalize normally northcutt nosuchfilepl not notation note noted
Terms
Docs notes nothing notice novell now nslpath nt ntbased ntbugtraq ntfs null number
Terms
Docs numbers numerous object objection obscure obscurelywritten obsolete obtain
Terms
Docs obtained occurance occurred occurring occurs oct odd of off offensive
Terms
Docs official offline offset often okay old older on once one ones only onthefly
Terms
Docs openbsd openfilecfm opening openserver opensever openssh openwindow operating
Terms
Docs opinion opposed option options or order orderlogdat orderlogvdat original
Terms
Docs originally os oses osfs osicom oss other others our out outlook output
Terms
Docs outside over overflow overflows overlap overlapping overly oversized
Terms
Docs overwhelm overwrite overwriting own owner ozancin p package packages packet
Terms
Docs packets page pages palm palmetto palmos paper paragraph parent parsing part
Terms
Docs particular parties partition parts party pascal passfilt passive password
Terms
Docs passwords past paste patch patchd patched patches patching path pathlocale
Terms
Docs pathnames patrol pattern payload pdf peculiar pending people per performance
Terms
Docs perhaps period periodic perl permission permissions permit persist person
Terms
Docs perspective pertain pertains pervious pf phf philosophy phpfi phrase phrasedm
Terms
Docs physical pilots ping pingicmp pipes pkg pkgcat pkginfio
repeating step and 2 in tesdata
test <- VCorpus(DataframeSource(test_data), readerControl=list(language="English"))
test <- tm_map(test, content_transformer(stripWhitespace))
test <- tm_map(test, content_transformer(tolower))
test <- tm_map(test, content_transformer(removeNumbers))
test <- tm_map(test, content_transformer(removePunctuation))
test.dtm <- as.matrix(DocumentTermMatrix(test, control=list(wordLengths=c(1,Inf))))
convertin into dataframe
train.df <- data.frame(train.dtm[,intersect(colnames(train.dtm), colnames(test.dtm))])
test.df <- data.frame(test.dtm[,intersect(colnames(test.dtm), colnames(train.dtm))])
head(train.df)
label.df <- data.frame(row.names(train.df))
colnames(label.df) <- c("filenames")
label.df<- cSplit(label.df, 'filenames', sep="_", type.convert=FALSE)
train.df$corpus<- label.df$filenames_1
test.df$corpus <- c("Neg")
head(test.df)
df.train <- train.df
df.test <- train.df
df.model<-ksvm(corpus~., data= df.train, kernel="rbfdot")
df.test <- test.df
df.pred <- predict(df.model, df.test)
Error in predict(df.model, df.test) : object 'df.model' not found